From 70cbe91776d1de10f2767c6a5ad5912fd705bdd3 Mon Sep 17 00:00:00 2001
From: leonklingele <git@leonklingele.de>
Date: Mon, 16 Mar 2020 06:46:08 +0900
Subject: Migrate to a good Content Security Policy (#1023)

So attacks such as XSS (see [0]) will no longer be of an issue.

[0]: https://github.com/omarroth/invidious/issues/1022
---
 assets/js/global.js | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 assets/js/global.js

(limited to 'assets/js/global.js')

diff --git a/assets/js/global.js b/assets/js/global.js
new file mode 100644
index 00000000..efb447fb
--- /dev/null
+++ b/assets/js/global.js
@@ -0,0 +1,3 @@
+// Disable Web Workers. Fixes Video.js CSP violation (created by `new Worker(objURL)`):
+// Refused to create a worker from 'blob:http://host/id' because it violates the following Content Security Policy directive: "worker-src 'self'".
+window.Worker = undefined;
-- 
cgit v1.2.3