pg/sbot
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

tighten CSP for blob/file host: remove allow-same-origin

Browse Source
This commit is contained in:
Paul Frazee 2015-07-21 12:42:40 -05:00
parent 27a985a4bc
commit ea38f8233f
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/lib/blobs.js
View File

@ -89,7 +89,7 @@ module.exports = function (sbot, checkout_dir) {
"connect-src 'self'; "+
"object-src 'none'; "+
"frame-src 'none'; "+
"sandbox allow-same-origin allow-scripts"
"sandbox allow-scripts"
)
if (req.url.slice(-7) != '.sha256' && opts.serveFiles) {