Commit c7d8fc7f authored by Michael Henretty's avatar Michael Henretty
Browse files

allow base64 audio clips in CSP

parent 1650efa5
...@@ -77,7 +77,7 @@ apache::vhost { $project_name: ...@@ -77,7 +77,7 @@ apache::vhost { $project_name:
'set X-Frame-Options "DENY"', 'set X-Frame-Options "DENY"',
'set Strict-Transport-Security "max-age=31536000"', 'set Strict-Transport-Security "max-age=31536000"',
# media-src blob: is required for recording audio. # media-src blob: is required for recording audio.
'set Content-Security-Policy "default-src \'none\'; style-src \'self\'; img-src \'self\' www.google-analytics.com; media-src blob: https://*.amazonaws.com; script-src \'self\' https://www.google-analytics.com/analytics.js; font-src \'self\'; connect-src \'self\'"' 'set Content-Security-Policy "default-src \'none\'; style-src \'self\'; img-src \'self\' www.google-analytics.com; media-src data: blob: https://*.amazonaws.com; script-src \'self\' https://www.google-analytics.com/analytics.js; font-src \'self\'; connect-src \'self\'"'
], ],
rewrites => [ rewrites => [
{ {
......
...@@ -25,7 +25,7 @@ export default class Server { ...@@ -25,7 +25,7 @@ export default class Server {
cache: false, cache: false,
headers: { headers: {
'Content-Security-Policy': 'Content-Security-Policy':
"default-src 'none'; style-src 'self'; img-src 'self' www.google-analytics.com; media-src blob: https://*.amazonaws.com; script-src 'self' https://www.google-analytics.com/analytics.js; font-src 'self'; connect-src 'self'", "default-src 'none'; style-src 'self'; img-src 'self' www.google-analytics.com; media-src data: blob: https://*.amazonaws.com; script-src 'self' https://www.google-analytics.com/analytics.js; font-src 'self'; connect-src 'self'",
}, },
} }
); );
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment