From 9ff74e8841b60246f7bd0ad83efb43511acb5f1a Mon Sep 17 00:00:00 2001 From: rugk Date: Sat, 27 Aug 2016 00:01:19 +0200 Subject: [PATCH] Allow manifest loading via CSP --- cfg/conf.ini.sample | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cfg/conf.ini.sample b/cfg/conf.ini.sample index 6321069..5ab7191 100644 --- a/cfg/conf.ini.sample +++ b/cfg/conf.ini.sample @@ -60,7 +60,7 @@ languageselection = false ; custom scripts from third-party domains to your templates, e.g. tracking ; scripts or run your site behind certain DDoS-protection services. ; Check the documentation at https://content-security-policy.com/ -cspheader = "default-src 'none'; connect-src *; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:;" +cspheader = "default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:;" ; stay compatible with PrivateBin Alpha 0.19, less secure ; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of