Commit c7d8fc7f authored by Michael Henretty's avatar Michael Henretty

allow base64 audio clips in CSP

parent 1650efa5
......@@ -77,7 +77,7 @@ apache::vhost { $project_name:
'set X-Frame-Options "DENY"',
'set Strict-Transport-Security "max-age=31536000"',
# media-src blob: is required for recording audio.
'set Content-Security-Policy "default-src \'none\'; style-src \'self\'; img-src \'self\' www.google-analytics.com; media-src blob: https://*.amazonaws.com; script-src \'self\' https://www.google-analytics.com/analytics.js; font-src \'self\'; connect-src \'self\'"'
'set Content-Security-Policy "default-src \'none\'; style-src \'self\'; img-src \'self\' www.google-analytics.com; media-src data: blob: https://*.amazonaws.com; script-src \'self\' https://www.google-analytics.com/analytics.js; font-src \'self\'; connect-src \'self\'"'
],
rewrites => [
{
......
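Review bot: The comment above the header line still explains only `blob:`, so the newly allowed `data:` source in `media-src` has no recorded reason, and someone tightening the policy later cannot tell whether it is still needed. I would extend it to `# media-src blob: is required for recording audio; data: allows base64-encoded audio clips.` The same policy string is repeated verbatim in the `Server` headers in the second hunk with no comment at all, so the two copies have to be edited together; a short cross-reference comment in each place would make drift less likely. The vhost block starts and ends outside the hunk.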
......@@ -25,7 +25,7 @@ export default class Server {
cache: false,
headers: {
'Content-Security-Policy':
"default-src 'none'; style-src 'self'; img-src 'self' www.google-analytics.com; media-src blob: https://*.amazonaws.com; script-src 'self' https://www.google-analytics.com/analytics.js; font-src 'self'; connect-src 'self'",
"default-src 'none'; style-src 'self'; img-src 'self' www.google-analytics.com; media-src data: blob: https://*.amazonaws.com; script-src 'self' https://www.google-analytics.com/analytics.js; font-src 'self'; connect-src 'self'",
},
}
);
......
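Review bot: `media-src` on the new line still lists `https://*.amazonaws.com`, which matches any host under that domain rather than only the storage this application uses, so the policy permits media from buckets the project does not control. If the clips come from one known bucket, naming it (placeholder: `https://<project-bucket>.s3.amazonaws.com`) would keep the directive as narrow as the rest of the policy, in both copies of the header. Which bucket is used is not visible in this hunk, so this needs confirming against the upload code.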