From 810bf9a3f7e5be4143694441b701ad4c8c50a307 Mon Sep 17 00:00:00 2001
From: terakilobyte
Date: Tue, 16 Jun 2015 15:59:22 -0400
Subject: [PATCH] force https for blob url in _frame.js. Updates helmet to allow more inspectlet domains.

---
 public/js/lib/jailed/_frame.js | 2 +-
 server/server.js | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/public/js/lib/jailed/_frame.js b/public/js/lib/jailed/_frame.js
index fa310643fd..7f464f02de 100644
--- a/public/js/lib/jailed/_frame.js
+++ b/public/js/lib/jailed/_frame.js
@@ -36,7 +36,7 @@ try {
 blobUrl = blobUrl.getBlob();
 }
 
-var worker = new Worker(URL.createObjectURL(blobUrl));
+var worker = new Worker(URL.createObjectURL('https:' + blobUrl));
 
 // telling worker to load _pluginWeb.js (see blob code above)
 worker.postMessage({
diff --git a/server/server.js b/server/server.js
index 69e02e8496..cc69e11ae3 100755
--- a/server/server.js
+++ b/server/server.js
@@ -132,7 +132,8 @@ var trusted = [
 'wss://inspectletws.herokuapp.com/',
 'http://hn.inspectlet.com/',
 '*.googleapis.com',
- '*.gstatic.com'
+ '*.gstatic.com',
+ 'https://hn.inspectlet.com/'
 ];
 
 app.use(helmet.csp({
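Review bot: `'https:' + blobUrl` on the new `new Worker(...)` line coerces the Blob to the string `https:[object Blob]`, and `URL.createObjectURL` does not accept a string, so this call should throw a TypeError and the jailed worker would never start. The context line `blobUrl = blobUrl.getBlob();` indicates the variable holds a Blob despite its name; the assignment in the `try` branch is outside the hunk. A `blob:` URL takes the origin of the page that creates it, so there is no scheme to force here. Keep `var worker = new Worker(URL.createObjectURL(blobUrl));` and, if the Content-Security-Policy was what blocked the worker, allow `blob:` in server/server.js only in the directive that governs workers rather than in the general script sources.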
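Review bot: The new `'https://hn.inspectlet.com/'` entry is added next to `'http://hn.inspectlet.com/'` instead of replacing it, so the policy still trusts that host over cleartext, where the response can be altered in transit. On an HTTPS page a script from the http source is blocked as mixed content anyway, so the old entry appears to serve no purpose once the https one exists; consider deleting it. How `trusted` is assigned to directives inside `helmet.csp({` is outside the hunk, so it is worth confirming that the list is not shared across script and connect directives more widely than each host needs.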