mirror of
https://github.com/moparisthebest/mail
synced 2024-11-22 17:02:17 -05:00
[WO-614] loosen CSP to allow displaying html mail images
This commit is contained in:
parent
0266f330c0
commit
fe73f3db52
@ -79,7 +79,7 @@ app.use(function(req, res, next) {
|
||||
res.set('Strict-Transport-Security', 'max-age=16070400; includeSubDomains');
|
||||
// CSP
|
||||
var iframe = development ? "http://" + req.hostname + ":" + port : "https://" + req.hostname; // allow iframe to load assets
|
||||
res.set('Content-Security-Policy', "default-src 'self' " + iframe + "; object-src 'none'; connect-src *; style-src 'self' 'unsafe-inline' " + iframe + "; img-src 'self' data:");
|
||||
res.set('Content-Security-Policy', "default-src 'self' " + iframe + "; object-src 'none'; connect-src *; style-src 'self' 'unsafe-inline' " + iframe + "; img-src *");
|
||||
// set Cache-control Header (for AppCache)
|
||||
res.set('Cache-control', 'public, max-age=0');
|
||||
next();
|
||||
|
@ -5,7 +5,7 @@
|
||||
<title>Whiteout Mail</title>
|
||||
|
||||
<!-- Theses CSP rules are used as a fallback in runtimes such as Cordova -->
|
||||
<meta http-equiv="Content-Security-Policy" content="default-src 'self' chrome-extension: file: gap:; object-src 'none'; script-src 'self' 'unsafe-eval' chrome-extension: file: gap:; connect-src *; style-src 'self' 'unsafe-inline' chrome-extension: file: gap:; img-src 'self' chrome-extension: file: gap: data:">
|
||||
<meta http-equiv="Content-Security-Policy" content="default-src 'self' chrome-extension: file: gap:; object-src 'none'; script-src 'self' 'unsafe-eval' chrome-extension: file: gap:; connect-src *; style-src 'self' 'unsafe-inline' chrome-extension: file: gap:; img-src *">
|
||||
|
||||
<!-- iOS homescreen link -->
|
||||
<meta name="apple-mobile-web-app-capable" content="yes">
|
||||
|
Loading…
Reference in New Issue
Block a user