Posted to commits@couchdb.apache.org by ja...@apache.org on 2020/06/18 12:57:16 UTC

[couchdb] branch fix/csp created (now bafb9b9)

This is an automated email from the ASF dual-hosted git repository.

jan pushed a change to branch fix/csp
in repository https://gitbox.apache.org/repos/asf/couchdb.git.


      at bafb9b9  fix: send CSP header to make Fauxton work fully

This branch includes the following new commits:

     new bafb9b9  fix: send CSP header to make Fauxton work fully

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



[couchdb] 01/01: fix: send CSP header to make Fauxton work fully

Posted by ja...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

jan pushed a commit to branch fix/csp
in repository https://gitbox.apache.org/repos/asf/couchdb.git

commit bafb9b952aec153fe3e930dc6bf50d2cda367f7c
Author: Jan Lehnardt <ja...@apache.org>
AuthorDate: Thu Jun 18 14:55:38 2020 +0200

    fix: send CSP header to make Fauxton work fully
    
    Co-authored-by: Robert Newson <rn...@apache.org>
---
 src/chttpd/src/chttpd_misc.erl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/chttpd/src/chttpd_misc.erl b/src/chttpd/src/chttpd_misc.erl
index ffb5295..830fea3 100644
--- a/src/chttpd/src/chttpd_misc.erl
+++ b/src/chttpd/src/chttpd_misc.erl
@@ -105,7 +105,7 @@ handle_utils_dir_req(Req, _) ->
     send_method_not_allowed(Req, "GET,HEAD").
 
 maybe_add_csp_headers(Headers, "true") ->
-    DefaultValues = "default-src 'self'; img-src 'self' data:; font-src 'self'; "
+    DefaultValues = "child-src 'self' data: blob:; default-src 'self'; img-src 'self' data:; font-src 'self'; "
                     "script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline';",
     Value = config:get("csp", "header_value", DefaultValues),
     [{"Content-Security-Policy", Value} | Headers];
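
Review bot: the new `child-src 'self' data: blob:` at the start of `DefaultValues` lets frames and workers load from `data:` and `blob:` URLs, where they previously fell back to `default-src 'self'`, and neither the commit message nor a code comment says which Fauxton feature needs either scheme. Please name that feature in a comment above `DefaultValues` and drop whichever of `data:` or `blob:` is not actually required; if the need is limited to workers, a `worker-src` directive would be a narrower grant than `child-src`. Because `Value` comes from `config:get("csp", "header_value", DefaultValues)`, installations that already set `header_value` will keep their old policy, so the documented default and the release notes should mention the new directive. The changed line is also much longer than its neighbours; splitting the literal the way the following line does would keep the clause readable.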