Merge pull request #17818 from vector-im/gsouquet/fix-6162
Enhance security by disallowing CSP object-src rule
This commit is contained in:
commit
4ba0e6bdee
1 changed files with 0 additions and 1 deletions
|
@ -35,7 +35,6 @@
|
||||||
worker-src 'self';
|
worker-src 'self';
|
||||||
frame-src * blob: data:;
|
frame-src * blob: data:;
|
||||||
form-action 'self';
|
form-action 'self';
|
||||||
object-src 'self';
|
|
||||||
manifest-src 'self';
|
manifest-src 'self';
|
||||||
">
|
">
|
||||||
<% for (var i=0; i < htmlWebpackPlugin.files.css.length; i++) {
|
<% for (var i=0; i < htmlWebpackPlugin.files.css.length; i++) {
|
||||||
|
|
Loading…
Reference in a new issue