Browse Source

Add a semicolon at the end of the CSP if none exists.

master
Caleb James DeLisle 3 years ago
parent
commit
7bee2ba27d
1 changed files with 1 additions and 0 deletions
  1. 1
      server.js

1
server.js

@ -34,6 +34,7 @@ var setHeaders = (function () {
const headers = clone(config.httpHeaders);
if (config.contentSecurity) {
headers['Content-Security-Policy'] = clone(config.contentSecurity);
if (!/;$/.test(headers['Content-Security-Policy'])) { headers['Content-Security-Policy'] += ';' }
if (headers['Content-Security-Policy'].indexOf('frame-ancestors') === -1) {
// backward compat for those who do not merge the new version of the config
// when updating. This prevents endless spinner if someone clicks donate.

Loading…
Cancel
Save