sa6anw/hedgedoc-hedgeagent
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add missing unsafe-inline CSP directive

Browse Source 
Dropbox loads an external script that adds inline javascript. Therefore, this addition is needed when enabling dropbox support.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
This commit is contained in:
Erik Michelson
2020-08-23 01:29:53 +02:00
parent f821da6c09
commit 8932260360
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/csp.js
View File

@@ -33,7 +33,7 @@ var googleAnalyticsDirectives = {
}
var dropboxDirectives = {
scriptSrc: ['https://www.dropbox.com']
scriptSrc: ['https://www.dropbox.com', '\'unsafe-inline\'']
}
CspStrategy.computeDirectives = function () {