Skip to content

Commit 0f9e367

Browse files
SISheogorathSISheogorath
committed
Fix broken Gist embedding
Looks like GitHub changed their asset system and our CSP prevented them from getting loaded. This patch should fix the Gist embedding with enabled CSP by replacing the old URL `https://assets-cdn.github.com` with the new `https://github.githubassets.com`. Signed-off-by: Sheogorath <[email protected]>
1 parent b40f14f commit 0f9e367

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

lib/csp.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ var defaultDirectives = {
88
scriptSrc: ['\'self\'', 'vimeo.com', 'https://gist.github.com', 'www.slideshare.net', 'https://query.yahooapis.com', '\'unsafe-eval\''],
99
// ^ TODO: Remove unsafe-eval - webpack script-loader issues https://github.com/hackmdio/codimd/issues/594
1010
imgSrc: ['*'],
11-
styleSrc: ['\'self\'', '\'unsafe-inline\'', 'https://assets-cdn.github.com'], // unsafe-inline is required for some libs, plus used in views
11+
styleSrc: ['\'self\'', '\'unsafe-inline\'', 'https://github.githubassets.com'], // unsafe-inline is required for some libs, plus used in views
1212
fontSrc: ['\'self\'', 'data:', 'https://public.slidesharecdn.com'],
1313
objectSrc: ['*'], // Chrome PDF viewer treats PDFs as objects :/
1414
mediaSrc: ['*'],

0 commit comments

Comments
 (0)