From 0bfd5c04217d97d2cb09aa0cebd3129939b48f54 Mon Sep 17 00:00:00 2001
From: Caleb James DeLisle <cjd@cjdns.fr>
Date: Tue, 12 Jun 2018 17:33:32 +0200
Subject: [PATCH] don't send require-sri-for CSP because it's not yet
 supported, cannot be tested, and probably will break when it works

---
 config.example.js | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/config.example.js b/config.example.js
index 21b1c2fbc..d16d80c0f 100644
--- a/config.example.js
+++ b/config.example.js
@@ -63,9 +63,7 @@ module.exports = {
         "img-src 'self' data: blob:" + domain,
 
         // for accounts.cryptpad.fr authentication and pad2 cross-domain iframe sandbox
-        "frame-ancestors *",
-
-        'require-sri-for script'
+        "frame-ancestors *"
     ].join('; '),
 
     // CKEditor requires significantly more lax content security policy in order to function.