mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-05-09 13:51:57 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add missing unsafe-inline CSP directive

Browse source 
Dropbox loads an external script that adds inline javascript. Therefore, this addition is needed when enabling dropbox support.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
This commit is contained in:
Erik Michelson 2020-08-23 01:29:53 +02:00
parent f821da6c09
commit 8932260360
No known key found for this signature in database
GPG key ID: DB99ADDDC5C0AF82
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
lib/csp.js
View file

@ -33,7 +33,7 @@ var googleAnalyticsDirectives = {
}
var dropboxDirectives = {
scriptSrc: ['https://www.dropbox.com']
scriptSrc: ['https://www.dropbox.com', '\'unsafe-inline\'']
}
CspStrategy.computeDirectives = function () {