diff options
| author | Andrew Zhao <azhao12345@users.noreply.github.com> | 2021-01-27 10:45:03 -0500 |
|---|---|---|
| committer | Andrew Zhao <azhao12345@users.noreply.github.com> | 2021-01-29 19:08:28 -0500 |
| commit | 4a0b10984ad4151a8f7c8b0a9db3ed378a6df57e (patch) | |
| tree | a0e379c2d7b1f3e1867bf0cbc1743c8c1b7281a6 /src/invidious.cr | |
| parent | 69406b00d151b3df6b1314e475883732f62098ad (diff) | |
| download | invidious-4a0b10984ad4151a8f7c8b0a9db3ed378a6df57e.tar.gz invidious-4a0b10984ad4151a8f7c8b0a9db3ed378a6df57e.tar.bz2 invidious-4a0b10984ad4151a8f7c8b0a9db3ed378a6df57e.zip | |
Bump videojs and fix webworker
Diffstat (limited to 'src/invidious.cr')
| -rw-r--r-- | src/invidious.cr | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/invidious.cr b/src/invidious.cr index 10c23dac..b320d344 100644 --- a/src/invidious.cr +++ b/src/invidious.cr @@ -216,7 +216,7 @@ before_all do |env| extra_media_csp += " https://*.youtube.com:443" end # TODO: Remove style-src's 'unsafe-inline', requires to remove all inline styles (<style> [..] </style>, style=" [..] ") - env.response.headers["Content-Security-Policy"] = "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self'; manifest-src 'self'; media-src 'self' blob:#{extra_media_csp}" + env.response.headers["Content-Security-Policy"] = "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self'; manifest-src 'self'; media-src 'self' blob:#{extra_media_csp}; child-src blob:" env.response.headers["Referrer-Policy"] = "same-origin" if (Kemal.config.ssl || config.https_only) && config.hsts |