gaspersic/freeCodeCamp
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

force https for blob url in _frame.js. Updates helmet to allow more inspectlet domains.

Browse Source
This commit is contained in:
terakilobyte
2015-06-16 15:59:22 -04:00
parent 1607fe0ba5
commit 810bf9a3f7
2 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
public/js/lib/jailed/_frame.js
View File

@ -36,7 +36,7 @@ try {
blobUrl = blobUrl.getBlob(); blobUrl = blobUrl.getBlob();
} }
var worker = new Worker(URL.createObjectURL(blobUrl)); var worker = new Worker(URL.createObjectURL('https:' + blobUrl));
// telling worker to load _pluginWeb.js (see blob code above) // telling worker to load _pluginWeb.js (see blob code above)
worker.postMessage({ worker.postMessage({

3
server/server.js
View File

@ -132,7 +132,8 @@ var trusted = [
'wss://inspectletws.herokuapp.com/', 'wss://inspectletws.herokuapp.com/',
'http://hn.inspectlet.com/', 'http://hn.inspectlet.com/',
'*.googleapis.com', '*.googleapis.com',
'*.gstatic.com' '*.gstatic.com',
'https://hn.inspectlet.com/'
]; ];
app.use(helmet.csp({ app.use(helmet.csp({