iv-org/invidious
1
0
Fork 0
mirror of https://gitea.invidious.io/iv-org/invidious synced 2025-06-05 23:29:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

Migrate to a good Content Security Policy (#1023)

Browse Source 
So attacks such as XSS (see [0]) will no longer be of an issue.

[0]: https://github.com/omarroth/invidious/issues/1022
This commit is contained in:
leonklingele
2020-03-16 06:46:08 +09:00
committed by GitHub
parent f92027c44b
commit 70cbe91776
29 changed files with 274 additions and 175 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
assets/js/global.js Normal file
View File

@ -0,0 +1,3 @@
// Disable Web Workers. Fixes Video.js CSP violation (created by `new Worker(objURL)`):
// Refused to create a worker from 'blob:http://host/id' because it violates the following Content Security Policy directive: "worker-src 'self'".
window.Worker = undefined;