Merge pull request #73 from mutantmonkey/workaround_chrome_nonsense

workaround chrome nonsense with CSP
2015-12-04 22:34:36 -05:00 · 2015-12-04 22:34:36 -05:00 · bc66bcc069
parent 5dcfca5f74 817ac67632
commit bc66bcc069
1 changed files with 1 additions and 1 deletions
--- a/server.go
+++ b/server.go
@ -201,7 +201,7 @@ func main() {
 		"default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; referrer origin;",
 		"value of default Content-Security-Policy header")
 	flag.StringVar(&Config.fileContentSecurityPolicy, "filecontentsecuritypolicy",
-		"default-src 'none'; img-src 'self'; object-src 'self'; media-src 'self'; referrer origin;",
+		"default-src 'none'; img-src 'self'; object-src 'self'; media-src 'self'; style-src 'self' 'unsafe-inline'; referrer origin;",
 		"value of Content-Security-Policy header for file access")
 	flag.StringVar(&Config.xFrameOptions, "xframeoptions", "SAMEORIGIN",
 		"value of X-Frame-Options header")