forked from midou/invidious
Add manifest-src to CSP
This commit is contained in:
parent
bd7950b757
commit
92798abb5d
@ -261,7 +261,7 @@ before_all do |env|
|
|||||||
extra_media_csp += " https://*.googlevideo.com:443"
|
extra_media_csp += " https://*.googlevideo.com:443"
|
||||||
end
|
end
|
||||||
# TODO: Remove style-src's 'unsafe-inline', requires to remove all inline styles (<style> [..] </style>, style=" [..] ")
|
# TODO: Remove style-src's 'unsafe-inline', requires to remove all inline styles (<style> [..] </style>, style=" [..] ")
|
||||||
env.response.headers["Content-Security-Policy"] = "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self'; media-src 'self' blob:#{extra_media_csp}"
|
env.response.headers["Content-Security-Policy"] = "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self'; manifest-src 'self'; media-src 'self' blob:#{extra_media_csp}"
|
||||||
env.response.headers["Referrer-Policy"] = "same-origin"
|
env.response.headers["Referrer-Policy"] = "same-origin"
|
||||||
|
|
||||||
if (Kemal.config.ssl || config.https_only) && config.hsts
|
if (Kemal.config.ssl || config.https_only) && config.hsts
|
||||||
|
Loading…
Reference in New Issue
Block a user