mirror of
https://gitea.invidious.io/iv-org/invidious-copy-2022-03-16.git
synced 2024-08-15 00:53:18 +00:00
Add manifest-src to CSP
This commit is contained in:
parent
bd7950b757
commit
92798abb5d
1 changed files with 1 additions and 1 deletions
|
@ -261,7 +261,7 @@ before_all do |env|
|
|||
extra_media_csp += " https://*.googlevideo.com:443"
|
||||
end
|
||||
# TODO: Remove style-src's 'unsafe-inline', requires to remove all inline styles (<style> [..] </style>, style=" [..] ")
|
||||
env.response.headers["Content-Security-Policy"] = "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self'; media-src 'self' blob:#{extra_media_csp}"
|
||||
env.response.headers["Content-Security-Policy"] = "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self'; manifest-src 'self'; media-src 'self' blob:#{extra_media_csp}"
|
||||
env.response.headers["Referrer-Policy"] = "same-origin"
|
||||
|
||||
if (Kemal.config.ssl || config.https_only) && config.hsts
|
||||
|
|
Loading…
Reference in a new issue