iv-org/invidious
1
0
Fork 0
mirror of https://github.com/iv-org/invidious.git synced 2025-05-06 16:35:06 -04:00
Code Issues Projects Releases Packages Wiki Activity

Migrate to a good Content Security Policy (#1023)

Browse source 
So attacks such as XSS (see [0]) will no longer be of an issue.

[0]: https://github.com/omarroth/invidious/issues/1022
This commit is contained in:
leonklingele 2020-03-16 06:46:08 +09:00 committed by GitHub
parent f92027c44b
commit 70cbe91776
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
29 changed files with 274 additions and 175 deletions
Download patch file Download diff file Expand all files Collapse all files

3
assets/js/global.js Normal file
View file

@ -0,0 +1,3 @@
// Disable Web Workers. Fixes Video.js CSP violation (created by `new Worker(objURL)`):
// Refused to create a worker from 'blob:http://host/id' because it violates the following Content Security Policy directive: "worker-src 'self'".
window.Worker = undefined;