Merge pull request #597 from thelounge/astorije/fix-safari-10-csp

Explicitly authorize websockets in CSP header
This commit is contained in:
Jérémie Astori 2016-09-09 01:40:43 -04:00 committed by GitHub
commit 99640e07d6

View File

@ -128,7 +128,7 @@ function index(req, res, next) {
return css.slice(0, -4); return css.slice(0, -4);
}); });
var template = _.template(file); var template = _.template(file);
res.setHeader("Content-Security-Policy", "default-src *; style-src * 'unsafe-inline'; script-src 'self'; child-src 'none'; object-src 'none'; form-action 'none'; referrer no-referrer;"); res.setHeader("Content-Security-Policy", "default-src *; connect-src 'self' ws: wss:; style-src * 'unsafe-inline'; script-src 'self'; child-src 'none'; object-src 'none'; form-action 'none'; referrer no-referrer;");
res.setHeader("Content-Type", "text/html"); res.setHeader("Content-Type", "text/html");
res.writeHead(200); res.writeHead(200);
res.end(template(data)); res.end(template(data));