mirror of https://github.com/status-im/codimd.git
450262c4ab
Adding mediaSrc to CSP so video and audio files can be embedded without problems. From a security perspective it should be fine to load audio and video data without introducing a high security issue. Only from a privacy perspective it allows another way to track users if there are data embedded. But it doesn't introduce any new attack vector as pictures are also allowed from everywhere. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> |
||
|---|---|---|
| .. | ||
| config | ||
| migrations | ||
| models | ||
| ot | ||
| web | ||
| workers | ||
| csp.js | ||
| history.js | ||
| letter-avatars.js | ||
| logger.js | ||
| realtime.js | ||
| response.js | ||
| utils.js | ||