don't send require-sri-for CSP because it's not yet supported, cannot be tested, and probably will break when it works
This commit is contained in:
parent
e48afd0df2
commit
0bfd5c0421
1 changed files with 1 additions and 3 deletions
|
@ -63,9 +63,7 @@ module.exports = {
|
||||||
"img-src 'self' data: blob:" + domain,
|
"img-src 'self' data: blob:" + domain,
|
||||||
|
|
||||||
// for accounts.cryptpad.fr authentication and pad2 cross-domain iframe sandbox
|
// for accounts.cryptpad.fr authentication and pad2 cross-domain iframe sandbox
|
||||||
"frame-ancestors *",
|
"frame-ancestors *"
|
||||||
|
|
||||||
'require-sri-for script'
|
|
||||||
].join('; '),
|
].join('; '),
|
||||||
|
|
||||||
// CKEditor requires significantly more lax content security policy in order to function.
|
// CKEditor requires significantly more lax content security policy in order to function.
|
||||||
|
|
Loading…
Reference in a new issue