mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-05-13 22:54:42 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add basic CSP support

Browse source
This commit is contained in:
Literallie 2017-10-18 17:10:23 +02:00
parent a23048254d
commit ba183ce654
No known key found for this signature in database
GPG key ID: 7BE463C902ED152C
2 changed files with 35 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

10
lib/config/default.js
View file

@ -13,6 +13,16 @@ module.exports = {
includeSubdomains: true,
preload: true
},
csp: {
enable: true,
reportUri: '',
directives: {
defaultSrc: ["'self'"],
scriptSrc: ["'self'"],
styleSrc: ["'self'", "'unsafe-inline'"],
fontSrc: ["'self'"]
}
},
protocolusessl: false,
usecdn: true,
allowanonymous: true,