TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2024-11-29 04:55:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

safeweb: allow object-src: self in CSP (#11782)

Browse Source 
This change is safe (self is still safe, by
definition), and makes the code match the comment.

Updates #cleanup

Signed-off-by: Chris Palmer <cpalmer@tailscale.com>
This commit is contained in:
Chris Palmer 2024-04-18 10:39:11 -07:00 committed by GitHub
parent e775de3c63
commit bdfaef4879
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
safeweb/http.go
View File

@ -89,7 +89,7 @@
`form-action 'self'`, // disallow form submissions to other origins `form-action 'self'`, // disallow form submissions to other origins
`base-uri 'self'`, // disallow base URIs from other origins `base-uri 'self'`, // disallow base URIs from other origins
`block-all-mixed-content`, // disallow mixed content when serving over HTTPS `block-all-mixed-content`, // disallow mixed content when serving over HTTPS
`object-src 'none'`, // disallow embedding of resources from other origins `object-src 'self'`, // disallow embedding of resources from other origins
}, "; ") }, "; ")
// Config contains the configuration for a safeweb server. // Config contains the configuration for a safeweb server.