From 4a0b10984ad4151a8f7c8b0a9db3ed378a6df57e Mon Sep 17 00:00:00 2001 From: Andrew Zhao Date: Wed, 27 Jan 2021 10:45:03 -0500 Subject: Bump videojs and fix webworker --- src/invidious.cr | 2 +- src/invidious/views/components/player_sources.ecr | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) (limited to 'src') diff --git a/src/invidious.cr b/src/invidious.cr index 10c23dac..b320d344 100644 --- a/src/invidious.cr +++ b/src/invidious.cr @@ -216,7 +216,7 @@ before_all do |env| extra_media_csp += " https://*.youtube.com:443" end # TODO: Remove style-src's 'unsafe-inline', requires to remove all inline styles (, style=" [..] ") - env.response.headers["Content-Security-Policy"] = "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self'; manifest-src 'self'; media-src 'self' blob:#{extra_media_csp}" + env.response.headers["Content-Security-Policy"] = "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self'; manifest-src 'self'; media-src 'self' blob:#{extra_media_csp}; child-src blob:" env.response.headers["Referrer-Policy"] = "same-origin" if (Kemal.config.ssl || config.https_only) && config.hsts diff --git a/src/invidious/views/components/player_sources.ecr b/src/invidious/views/components/player_sources.ecr index 8162546e..d950e0da 100644 --- a/src/invidious/views/components/player_sources.ecr +++ b/src/invidious/views/components/player_sources.ecr @@ -3,7 +3,6 @@ - -- cgit v1.2.3