Merge pull request #1222 from hedgedoc/fix/upgrade_insecure_requests

Fix upgradeInsecureRequests CSP directive
2021-05-06 21:18:46 +02:00
parent dc1f621eb8 0b61f48129
commit 140b2c261c
1 changed files with 2 additions and 2 deletions
--- a/lib/csp.js
+++ b/lib/csp.js
@@ -85,9 +85,9 @@ function getCspNonce (req, res) {

 function addUpgradeUnsafeRequestsOptionTo (directives) {
  if (config.csp.upgradeInsecureRequests === 'auto' && config.useSSL) {
-    directives.upgradeInsecureRequests = true
+    directives.upgradeInsecureRequests = []
  } else if (config.csp.upgradeInsecureRequests === true) {
-    directives.upgradeInsecureRequests = true
+    directives.upgradeInsecureRequests = []
  }
 }