diff options
| author | Perflyst <mail@perflyst.de> | 2021-01-31 12:18:40 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-01-31 12:18:40 +0100 |
| commit | 82da5cfd0127aaa88fb72ac703a5c8bb80d5d6f7 (patch) | |
| tree | a39b559d9bc1d4c48d915d1c8ae0cf93b34244a7 /src/invidious.cr | |
| parent | 909285ea46c7b6602e42da003b6ab39ef5e66f80 (diff) | |
| parent | 4a0b10984ad4151a8f7c8b0a9db3ed378a6df57e (diff) | |
| download | invidious-82da5cfd0127aaa88fb72ac703a5c8bb80d5d6f7.tar.gz invidious-82da5cfd0127aaa88fb72ac703a5c8bb80d5d6f7.tar.bz2 invidious-82da5cfd0127aaa88fb72ac703a5c8bb80d5d6f7.zip | |
Merge pull request #1712 from tenpura-shrimp/bumpvideojs
Bump videojs and fix webworker
Diffstat (limited to 'src/invidious.cr')
| -rw-r--r-- | src/invidious.cr | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/invidious.cr b/src/invidious.cr index b863bc81..713d193e 100644 --- a/src/invidious.cr +++ b/src/invidious.cr @@ -217,7 +217,7 @@ before_all do |env| extra_media_csp += " https://*.youtube.com:443" end # TODO: Remove style-src's 'unsafe-inline', requires to remove all inline styles (<style> [..] </style>, style=" [..] ") - env.response.headers["Content-Security-Policy"] = "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self'; manifest-src 'self'; media-src 'self' blob:#{extra_media_csp}" + env.response.headers["Content-Security-Policy"] = "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self'; manifest-src 'self'; media-src 'self' blob:#{extra_media_csp}; child-src blob:" env.response.headers["Referrer-Policy"] = "same-origin" if (Kemal.config.ssl || CONFIG.https_only) && CONFIG.hsts |