Merge pull request #17818 from vector-im/gsouquet/fix-6162
Enhance security by disallowing CSP object-src rule
This commit is contained in:
commit
4ba0e6bdee
1 changed files with 0 additions and 1 deletions
|
@ -35,7 +35,6 @@
|
|||
worker-src 'self';
|
||||
frame-src * blob: data:;
|
||||
form-action 'self';
|
||||
object-src 'self';
|
||||
manifest-src 'self';
|
||||
">
|
||||
<% for (var i=0; i < htmlWebpackPlugin.files.css.length; i++) {
|
||||
|
|
Loading…
Reference in a new issue