
allow unsafe-inline for style-src for now

This is used for the upload progress bar. Hopefully we can find a better
solution in the future for this.
pull/36/head
mutantmonkey 9 years ago
parent
commit
e030c07f94
  1. 2
      server.go

2
server.go

@ -135,7 +135,7 @@ func main() {
flag.BoolVar(&Config.remoteUploads, "remoteuploads", false,
"enable remote uploads")
flag.StringVar(&Config.contentSecurityPolicy, "contentSecurityPolicy",
"default-src 'self'; img-src 'self' data:; referrer none;",
"default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; referrer none;",
"value of default Content-Security-Policy header")
flag.StringVar(&Config.fileContentSecurityPolicy, "fileContentSecurityPolicy",
"default-src 'none'; img-src 'self'; object-src 'self'; media-src 'self'; sandbox; referrer none;",
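Review bot: Adding `'unsafe-inline'` to `style-src` in the default value of `contentSecurityPolicy` relaxes the policy on every page served with that header, not only the upload page that needs the progress bar, so a markup-injection bug on any of those pages is no longer contained for inline styles. The commit message ties the directive to the progress bar; if the bar is updated by writing a `style` attribute, setting the width through the CSSOM (for example `bar.style.width = pct + "%"`) or toggling classes defined in the stylesheet normally works under `style-src 'self'` and would let the default stay strict. The front-end code is not visible here, so that needs confirming. Until then, record the reason beside the flag, e.g. `// 'unsafe-inline' in style-src is only needed by the upload progress bar; drop it once the bar stops using inline styles`. The `flag.StringVar` calls sit inside `main()`, which starts and ends outside this hunk.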
