deepcrayon/lila
deepcrayon/lila
1
0
Fork 0
Code Releases Activity

allow socket fallback ports in csp

Browse source
This commit is contained in:
Niklas Fiekas 2018-05-07 20:49:49 +02:00
parent 9b15821df2
commit 1c9724239f
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/templating/AssetHelper.scala
View file

@ -92,7 +92,7 @@ trait AssetHelper { self: I18nHelper =>
val socket = (if (req.secure) "wss://" else "ws://") + socketDomain
ContentSecurityPolicy(
defaultSrc = List("'self'", assets),
connectSrc = List("'self'", assets, socket, lila.api.Env.current.ExplorerEndpoint, lila.api.Env.current.TablebaseEndpoint),
connectSrc = List("'self'", assets, socket, socket + ":*", lila.api.Env.current.ExplorerEndpoint, lila.api.Env.current.TablebaseEndpoint),
styleSrc = List("'self'", "'unsafe-inline'", assets, "https://fonts.googleapis.com"),
fontSrc = List("'self'", assetDomain, "https://fonts.gstatic.com"),
childSrc = List("'self'", "https://www.youtube.com"),