cryptpad - fixed unsafe csp header directives for sandbox (#24)
Co-authored-by: muppeth <muppeth@disroot.org> Reviewed-on: #24 Reviewed-by: meaz <meaz@no-reply@disroot.org>
This commit is contained in:
parent
541f4cdfef
commit
18283258c9
|
@ -91,7 +91,7 @@
|
|||
|
||||
# privileged contexts allow a few more rights than unprivileged contexts, though limits are still applied
|
||||
if ($unsafe) {
|
||||
set $scriptSrc "'self' 'unsafe-eval' 'unsafe-inline' resource: ${main_domain}";
|
||||
set $scriptSrc "'self' 'unsafe-eval' 'unsafe-inline' resource: https://${main_domain}";
|
||||
}
|
||||
|
||||
# Finally, set all the rules you composed above.
|
||||
|
|
Loading…
Reference in New Issue