diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/pleroma/web/plugs/http_security_plug.ex | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/pleroma/web/plugs/http_security_plug.ex b/lib/pleroma/web/plugs/http_security_plug.ex index 0025b042a..1dcf02e1a 100644 --- a/lib/pleroma/web/plugs/http_security_plug.ex +++ b/lib/pleroma/web/plugs/http_security_plug.ex @@ -116,7 +116,9 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do if Config.get(:env) == :dev do "script-src 'self' 'unsafe-eval'" else - "script-src 'self'" + # TODO right now unsafe-eval is needed for WASM to load in chrome + # see: https://github.com/WebAssembly/content-security-policy/issues/7 + "script-src 'self' 'unsafe-eval'" end report = if report_uri, do: ["report-uri ", report_uri, ";report-to csp-endpoint"] |