From ecce654ca66f60e43ad818f503a534a00de26b6b Mon Sep 17 00:00:00 2001
From: ansuz <ansuz@transitiontech.ca>
Date: Mon, 17 Feb 2020 12:48:10 -0500
Subject: [PATCH] add 'resource:' to script-src to enable shared-worker
 debugging in firefox

---
 docs/example.nginx.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/example.nginx.conf b/docs/example.nginx.conf
index 80c799f8c..ea8224c14 100644
--- a/docs/example.nginx.conf
+++ b/docs/example.nginx.conf
@@ -96,7 +96,7 @@ server {
     set $workerSrc  "https://${main_domain}";
 
     # script-src specifies valid sources for javascript, including inline handlers
-    set $scriptSrc  "'self' ${main_domain}";
+    set $scriptSrc  "'self' resource: ${main_domain}";
 
     set $unsafe 0;
     # the following assets are loaded via the sandbox domain
@@ -110,7 +110,7 @@ server {
 
     # privileged contexts allow a few more rights than unprivileged contexts, though limits are still applied
     if ($unsafe) {
-        set $scriptSrc "'self' 'unsafe-eval' 'unsafe-inline' ${main_domain}";
+        set $scriptSrc "'self' 'unsafe-eval' 'unsafe-inline' resource: ${main_domain}";
     }
 
     # Finally, set all the rules you composed above.