Merge pull request #597 from thelounge/astorije/fix-safari-10-csp
Explicitly authorize websockets in CSP header
This commit is contained in:
commit
99640e07d6
@ -128,7 +128,7 @@ function index(req, res, next) {
|
|||||||
return css.slice(0, -4);
|
return css.slice(0, -4);
|
||||||
});
|
});
|
||||||
var template = _.template(file);
|
var template = _.template(file);
|
||||||
res.setHeader("Content-Security-Policy", "default-src *; style-src * 'unsafe-inline'; script-src 'self'; child-src 'none'; object-src 'none'; form-action 'none'; referrer no-referrer;");
|
res.setHeader("Content-Security-Policy", "default-src *; connect-src 'self' ws: wss:; style-src * 'unsafe-inline'; script-src 'self'; child-src 'none'; object-src 'none'; form-action 'none'; referrer no-referrer;");
|
||||||
res.setHeader("Content-Type", "text/html");
|
res.setHeader("Content-Type", "text/html");
|
||||||
res.writeHead(200);
|
res.writeHead(200);
|
||||||
res.end(template(data));
|
res.end(template(data));
|
||||||
|
Loading…
Reference in New Issue
Block a user