FIX content-security-policy

2017-12-22 16:45:35 +01:00 · 2017-12-22 16:45:35 +01:00 · a3d35642ab
commit a3d35642ab
parent 0ec0a97855
2 changed files with 3 additions and 13 deletions
--- a/http.go
+++ b/http.go
@ -36,7 +36,7 @@ func NewMegaUploader(c Config) MegaUploader {
 			FrameDeny:             true,
 			ContentTypeNosniff:    true,
 			BrowserXssFilter:      true,
-			ContentSecurityPolicy: "default-src 'self'",
+			ContentSecurityPolicy: "default-src 'self'; img-src 'self' data: ",
 		}),
 	}
 }
--- a/res/templates/upload.html.tmpl
+++ b/res/templates/upload.html.tmpl
@ -34,19 +34,9 @@

 {{define "scripts"}}
        <script type="text/javascript" src="{{.Prefix}}/static/dropzone/dropzone.min.js"></script>
-    <script type="text/javascript">
-Dropzone.options.uploadForm = {
-    init: function() {
-        this.on("success", function(file, response) {
-            document.getElementById("responses").textContent += response + "\n";
-        });
-    }
-};
-    </script>
+    <script type="text/javascript" src="{{.Prefix}}/static/upload.js"> </script>
 {{end}}
 {{define "styles"}}
    <link href="{{.Prefix}}/static/dropzone/dropzone.min.css" rel="stylesheet" />
-<style>
-.share-description { font-style: italic; }
-</style>
+    <link href="{{.Prefix}}/static/style.css" rel="stylesheet" />
 {{end}}