diff options
| author | sD <stoned@derpymail.org> | 2020-03-16 00:28:14 +0100 |
|---|---|---|
| committer | sD <stoned@derpymail.org> | 2020-03-16 00:28:14 +0100 |
| commit | 3e1a2790ec13534f2ef700582d651f93d270c9b4 (patch) | |
| tree | 6a114d81b5297da10d38c9871130be99444bf9d6 /webAO | |
| parent | 0092af73696cfb909575b12ff8237d9b108b7ca4 (diff) | |
CSP even works in chrome now
Diffstat (limited to 'webAO')
| -rw-r--r-- | webAO/client.html | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/webAO/client.html b/webAO/client.html index 831cd65..9e56358 100644 --- a/webAO/client.html +++ b/webAO/client.html @@ -6,10 +6,13 @@ <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> - <meta http-equiv="Content-Security-Policy" content="default-src 'self' 'unsafe-inline' 'unsafe-eval' file: data: ws: *.aceattorneyonline.com *.wasabisys.com *.animatedchatroom.net golden-layout.com ajax.googleapis.com;"> - <meta http-equiv="X-Content-Security-Policy" content="default-src 'self' 'unsafe-inline' 'unsafe-eval' file: data: ws: *.aceattorneyonline.com *.wasabisys.com *.animatedchatroom.net golden-layout.com ajax.googleapis.com;"> - <meta http-equiv="X-WebKit-CSP" content="default-src 'self' 'unsafe-inline' 'unsafe-eval' file: data: ws: *.aceattorneyonline.com *.wasabisys.com *.animatedchatroom.net golden-layout.com ajax.googleapis.com;"> - + <meta http-equiv="Content-Security-Policy" content="script-src-elem 'self' https://ajax.googleapis.com; + script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com; + style-src-elem 'self' https://golden-layout.com; + style-src 'self' 'unsafe-inline' https://golden-layout.com; + img-src 'self' data: https://webao.animatedchatroom.net https://s3.wasabisys.com; + connect-src 'self' ws: https://webao.animatedchatroom.net https://s3.wasabisys.com; + media-src 'self' https://webao.animatedchatroom.net https://s3.wasabisys.com;"> <link rel="stylesheet" type="text/css" href="styles/client.css?v=1.0.0" id="client_stylesheet"> <link rel="stylesheet" type="text/css" href="styles/default.css?v=1.0.0" id="client_theme"> @@ -20,7 +23,7 @@ <script src="lib/jdataview.min.js"></script> <script src="lib/gify.min.js"></script> <script src="ui.b.js"></script> - <script src="client.b.js?v=1.0.0"></script> + <script src="client.b.js?v=1.0.1"></script> </head> <body> |