diff --git a/app.js b/app.js
index d7048557e4..ae3097df7b 100755
--- a/app.js
+++ b/app.js
@@ -115,6 +115,7 @@ app.disable('x-powered-by');
app.use(helmet.xssFilter());
app.use(helmet.noSniff());
app.use(helmet.xframe());
+/*
app.use(function(req, res, next) {
res.header('Access-Control-Allow-Origin', '*');
res.header('Access-Control-Allow-Headers',
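Review bot: The `/*` opened here leaves the wildcard-CORS middleware in app.js as dead code rather than removing it, which makes the file harder to audit for what is actually mounted; since git history keeps the old block, deleting the `app.use(function(req, res, next) { ... })` stretch outright is the cleaner form, and the matching `*/` lands in the next hunk so the comment spans two hunks. If some client still needs cross-origin access to a specific route, that is better reinstated per-route with an explicit origin allow-list than by uncommenting the `Access-Control-Allow-Origin: '*'` header for the whole app.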
@@ -122,6 +123,7 @@ app.use(function(req, res, next) {
);
next();
});
+*/
var trusted = [
"'self'",
@@ -167,7 +169,8 @@ app.use(helmet.contentSecurityPolicy({
scriptSrc: [
'*.optimizely.com',
'*.aspnetcdn.com',
- '*.d3js.org'
+ '*.d3js.org',
+ "* 'unsafe-inline'"
].concat(trusted),
'connect-src': [
'ws://*.rafflecopter.com',
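Review bot: Adding `"* 'unsafe-inline'"` to `scriptSrc` allows scripts from any origin and inline scripts, so the `contentSecurityPolicy` middleware no longer restricts script execution at all and the existing `scriptSrc` allow-list entries become meaningless; the policy keeps running but provides no XSS mitigation for scripts. The string also packs two source expressions into one array element — if either is kept they belong as separate entries, `'*'` and `"'unsafe-inline'"`. If the motivation is the blob-backed `Worker` introduced in `public/js/lib/jailed/_frame.js` in this same commit, the narrow allowance is `'blob:'` in `scriptSrc` (and in the child/worker directive where this helmet version supports one) rather than a wildcard, and any inline scripts can be moved to files or covered by nonces or hashes instead of `'unsafe-inline'`.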
diff --git a/public/js/lib/jailed/_frame.html b/public/js/lib/jailed/_frame.html
index 97d5bb947e..68b300d6e3 100644
--- a/public/js/lib/jailed/_frame.html
+++ b/public/js/lib/jailed/_frame.html
@@ -1 +1 @@
-
+
diff --git a/public/js/lib/jailed/_frame.js b/public/js/lib/jailed/_frame.js
index edf1b51793..34046b89de 100644
--- a/public/js/lib/jailed/_frame.js
+++ b/public/js/lib/jailed/_frame.js
@@ -24,12 +24,19 @@ var blobCode = [
' }); '
].join('\n');
-var blobUrl = window.URL.createObjectURL(
- new Blob([blobCode])
-);
+var blobUrl;
+try {
+ blobUrl = new Blob([blobCode], {type: 'application/javascript'});
+} catch (e) {
+ window.BlobBuilder = window.BlobBuilder
+ || window.WebKitBlobBuilder
+ || window.MozBlobBuilder;
+ blobUrl = new BlobBuilder();
+ blobUrl.append(blobCode);
+ blobUrl = blobUrl.getBlob();
+}
-
-var worker = new Worker(blobUrl);
+var worker = new Worker(URL.createObjectURL(blobUrl));
// telling worker to load _pluginWeb.js (see blob code above)
worker.postMessage({
diff --git a/views/bonfire/show.jade b/views/bonfire/show.jade
index d361cf2a5f..f2284d53a3 100644
--- a/views/bonfire/show.jade
+++ b/views/bonfire/show.jade
@@ -1,21 +1,21 @@
extends ../layout-wide
block content
- script(src='/js/lib/codemirror/lib/codemirror.js')
- script(src='/js/lib/codemirror/addon/edit/closebrackets.js')
- script(src='/js/lib/codemirror/addon/edit/matchbrackets.js')
- script(src='/js/lib/codemirror/addon/lint/lint.js')
- script(src='/js/lib/codemirror/addon/lint/javascript-lint.js')
- script(src='//ajax.aspnetcdn.com/ajax/jshint/r07/jshint.js')
- script(src='/js/lib/chai/chai.js')
+ script(type='text/javascript', src='/js/lib/codemirror/lib/codemirror.js')
+ script(type='text/javascript', src='/js/lib/codemirror/addon/edit/closebrackets.js')
+ script(type='text/javascript', src='/js/lib/codemirror/addon/edit/matchbrackets.js')
+ script(type='text/javascript', src='/js/lib/codemirror/addon/lint/lint.js')
+ script(type='text/javascript', src='/js/lib/codemirror/addon/lint/javascript-lint.js')
+ script(type='text/javascript', src='//ajax.aspnetcdn.com/ajax/jshint/r07/jshint.js')
+ script(type='text/javascript', src='/js/lib/chai/chai.js')
link(rel='stylesheet', href='/js/lib/codemirror/lib/codemirror.css')
link(rel='stylesheet', href='/js/lib/codemirror/addon/lint/lint.css')
link(rel='stylesheet', href='/js/lib/codemirror/theme/monokai.css')
link(rel="stylesheet", href="http://fonts.googleapis.com/css?family=Ubuntu+Mono")
- script(src='/js/lib/codemirror/mode/javascript/javascript.js')
- script(src='/js/lib/jailed/jailed.js')
- script(src='/js/lib/bonfire/bonfireInit.js')
- script(src="//cdnjs.cloudflare.com/ajax/libs/ramda/0.13.0/ramda.min.js")
+ script(type='text/javascript', src='/js/lib/codemirror/mode/javascript/javascript.js')
+ script(type='text/javascript', src='/js/lib/jailed/jailed.js')
+ script(type='text/javascript', src='/js/lib/bonfire/bonfireInit.js')
+ script(type='text/javascript', src="//cdnjs.cloudflare.com/ajax/libs/ramda/0.13.0/ramda.min.js")
.row