
tighten CSP for blob/file host: remove allow-same-origin

Paul Frazee 5 years ago
parent
commit
ea38f8233f
1 changed files with 1 additions and 1 deletions
  1. 1
    1
      app/lib/blobs.js

+ 1
- 1
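--- a/app/lib/blobs.js
+++ b/app/lib/blobs.js
@@ -89,7 +89,7 @@ module.exports = function (sbot, checkout_dir) {
           "connect-src 'self'; "+
           "object-src 'none'; "+
           "frame-src 'none'; "+
-          "sandbox allow-same-origin allow-scripts"
+          "sandbox allow-scripts"
         )
 
         if (req.url.slice(-7) != '.sha256' && opts.serveFiles) {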
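Review bot: The new `"sandbox allow-scripts"` line has no comment saying why `allow-same-origin` is left out, and that is the token a later maintainer is most likely to restore when a served page loses cookies, localStorage or same-host XHR. I would put `// no allow-same-origin: blob/file content must run in an opaque origin, without access to this host's cookies and storage` directly above it. With the opaque origin, requests allowed by `connect-src 'self'` will presumably go out as cross-origin (`Origin: null`), so it is worth confirming that served pages which fetch from this host still behave as intended. The header string and the enclosing handler begin above the hunk, so the rest of the policy (for example `default-src` and `script-src`) cannot be checked from here.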
