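diff --git a/server/server.ts b/server/server.ts.orig
index 7a1514e..5ecdea9 100644
--- a/server/server.ts
+++ b/server/server.ts.orig
@@ -377,7 +377,7 @@ function addSecurityHeaders(req: Request, res: Response, next: NextFunction) {
 "default-src 'none'", // default to nothing
 "base-uri 'none'", // disallow <base>, has no fallback to default-src
 "form-action 'self'", // 'self' to fix saving passwords in Firefox, even though login is handled in javascript
- "connect-src 'self' ws: wss:", // allow self for polling; websockets
+ "connect-src 'self' ws: wss: https:", // allow self for polling; websockets
 "style-src 'self' https: 'unsafe-inline'", // allow inline due to use in irc hex colors
 "script-src 'self'", // javascript
 "worker-src 'self'", // service worker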
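Review bot: The scheme-wide `https:` source added to `connect-src` lets page scripts make fetch/XHR/EventSource/beacon requests to any HTTPS host, so the directive no longer limits where data can be sent if script ever runs in the page; `ws: wss:` was already scheme-wide, but only for WebSockets. If the change serves one known endpoint, list that origin instead, e.g. `"connect-src 'self' ws: wss: https://<required-origin>", // allow self for polling; websockets; <why this origin>` (placeholder; the page does not name the host). The trailing comment is unchanged and still reads "allow self for polling; websockets", so it should at least say why `https:` is allowed. addSecurityHeaders starts and ends outside the hunk, so how the policy is assembled and sent is not visible here.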