mirror of
https://github.com/thelounge/thelounge
synced 2024-11-23 12:33:07 +00:00
Merge pull request #597 from thelounge/astorije/fix-safari-10-csp
Explicitly authorize websockets in CSP header
This commit is contained in:
commit
99640e07d6
1 changed files with 1 additions and 1 deletions
|
@ -128,7 +128,7 @@ function index(req, res, next) {
|
|||
return css.slice(0, -4);
|
||||
});
|
||||
var template = _.template(file);
|
||||
res.setHeader("Content-Security-Policy", "default-src *; style-src * 'unsafe-inline'; script-src 'self'; child-src 'none'; object-src 'none'; form-action 'none'; referrer no-referrer;");
|
||||
res.setHeader("Content-Security-Policy", "default-src *; connect-src 'self' ws: wss:; style-src * 'unsafe-inline'; script-src 'self'; child-src 'none'; object-src 'none'; form-action 'none'; referrer no-referrer;");
|
||||
res.setHeader("Content-Type", "text/html");
|
||||
res.writeHead(200);
|
||||
res.end(template(data));
|
||||
|
|
Loading…
Reference in a new issue