arno/privatebin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Use default csp value by default

Browse Source 
Otherwise the CSP may break updates if we later change the behaviour of PrivateBin somehow.
We should have done this before the v1.0 release, but well...
This commit is contained in:
rugk 2016-09-18 12:21:42 +02:00
parent ec7af3a738
commit 2cd4717bd2
No known key found for this signature in database
GPG Key ID: 05D40A636AFAB34D
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cfg/conf.ini.sample
View File

@ -60,7 +60,7 @@ languageselection = false
; custom scripts from third-party domains to your templates, e.g. tracking
; scripts or run your site behind certain DDoS-protection services.
; Check the documentation at https://content-security-policy.com/
cspheader = "default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:; referrer no-referrer;"
; cspheader = "default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:; referrer no-referrer;"
; stay compatible with PrivateBin Alpha 0.19, less secure
; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of