diff options
Diffstat (limited to 'controller/pagecontroller.php')
-rw-r--r-- | controller/pagecontroller.php | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/controller/pagecontroller.php b/controller/pagecontroller.php index 3b3220598..5768549c6 100644 --- a/controller/pagecontroller.php +++ b/controller/pagecontroller.php @@ -72,12 +72,13 @@ class PageController extends Controller { ]); $csp = new ContentSecurityPolicy(); - $csp->addAllowedImageDomain('*'); - $csp->addAllowedMediaDomain('*'); - $csp->addAllowedFrameDomain('https://youtube.com'); - $csp->addAllowedFrameDomain('https://www.youtube.com'); - $csp->addAllowedFrameDomain('https://player.vimeo.com'); - $csp->addAllowedFrameDomain('https://www.player.vimeo.com'); + $csp->addAllowedImageDomain('*') + ->addAllowedMediaDomain('*') + ->addAllowedConnectDomain('*') // chrome breaks on audio elements + ->addAllowedFrameDomain('https://youtube.com') + ->addAllowedFrameDomain('https://www.youtube.com') + ->addAllowedFrameDomain('https://player.vimeo.com') + ->addAllowedFrameDomain('https://www.player.vimeo.com'); $response->setContentSecurityPolicy($csp); return $response; |