From 72fafc5b4fc9fa9365fe43272aeee226e3d01f62 Mon Sep 17 00:00:00 2001 From: Al McKinlay Date: Tue, 30 Jan 2018 09:23:34 +0000 Subject: [PATCH] Allow https css Fixed #2012 --- src/server.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/server.js b/src/server.js index 09382047..1ed734d0 100644 --- a/src/server.js +++ b/src/server.js @@ -228,7 +228,7 @@ function index(req, res, next) { "default-src 'none'", // default to nothing "form-action 'none'", // no default-src fallback "connect-src 'self' ws: wss:", // allow self for polling; websockets - "style-src 'self' 'unsafe-inline'", // allow inline due to use in irc hex colors + "style-src 'self' https: 'unsafe-inline'", // allow inline due to use in irc hex colors "script-src 'self'", // javascript "worker-src 'self'", // service worker "child-src 'self'", // deprecated fall back for workers, Firefox <58, see #1902