status-im
/
codimd
mirror of https://github.com/status-im/codimd.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix: allow Dropbox dropins in CSP directives 

Signed-off-by: Max Wu <jackymaxj@gmail.com>
This commit is contained in:
Max Wu 2020-03-03 17:25:04 +08:00
parent 118b11a4fa
commit e2c31e4cb3
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/csp.js
View File

@ -16,6 +16,10 @@ var defaultDirectives = {
connectSrc: ['*']
}
var dropboxDirectives = {
scriptSrc: ['https://www.dropbox.com']
}
var cdnDirectives = {
scriptSrc: ['https://cdnjs.cloudflare.com', 'https://cdn.jsdelivr.net', 'https://cdn.mathjax.org'],
styleSrc: ['https://cdnjs.cloudflare.com', 'https://cdn.jsdelivr.net', 'https://fonts.googleapis.com'],
@ -37,6 +41,7 @@ CspStrategy.computeDirectives = function () {
mergeDirectives(directives, config.csp.directives)
mergeDirectivesIf(config.csp.addDefaults, directives, defaultDirectives)
mergeDirectivesIf(config.useCDN, directives, cdnDirectives)
mergeDirectivesIf(config.dropbox.appKey, directives, dropboxDirectives)
mergeDirectivesIf(config.csp.addDisqus, directives, disqusDirectives)
mergeDirectivesIf(config.csp.addGoogleAnalytics, directives, googleAnalyticsDirectives)
if (!areAllInlineScriptsAllowed(directives)) {