diff --git a/app.js b/app.js
index 3aa08c3825..5403278407 100755
--- a/app.js
+++ b/app.js
@@ -125,6 +125,7 @@ app.use(function(req, res, next) {
var trusted = [
"'self'",
+ 'blob:',
'*.freecodecamp.com',
'*.gstatic.com',
'*.google-analytics.com',
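Review bot: `'blob:'` is added to the shared `trusted` array, which the later hunks show being concatenated into every directive (`connect-src`, `styleSrc`, `imgSrc`, `fontSrc` and the others), so blob: URLs become an accepted source everywhere rather than only where the sandbox worker needs them. The same list already carries `'unsafe-eval'` and `'unsafe-inline'`, so this widens an already permissive policy. Consider leaving it out of `trusted` and appending it only on the directive the browser applies to workers (script-src, or child-src/worker-src where supported), e.g. `].concat(trusted, ['blob:']),`. The array continues outside this hunk, so the rest of the list is not visible here.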
@@ -137,7 +138,6 @@ var trusted = [
'*.twimg.com',
"'unsafe-eval'",
"'unsafe-inline'",
- '*.rafflecopter.com',
'*.bootstrapcdn.com',
'*.cloudflare.com',
'https://*.cloudflare.com',
@@ -152,11 +152,7 @@ var trusted = [
'*.youtube.com',
'*.jsdelivr.net',
'https://*.jsdelivr.net',
- '*.togetherjs.com',
- 'https://*.togetherjs.com',
- 'wss://hub.togetherjs.com',
'*.ytimg.com',
- 'wss://fcctogether.herokuapp.com',
'*.bitly.com',
'http://cdn.inspectlet.com/',
'http://hn.inspectlet.com/'
@@ -170,24 +166,11 @@ app.use(helmet.contentSecurityPolicy({
'*.d3js.org'
].concat(trusted),
'connect-src': [
- 'ws://*.rafflecopter.com',
- 'wss://*.rafflecopter.com',
- 'https://*.rafflecopter.com',
- 'ws://www.freecodecamp.com',
- 'http://www.freecodecamp.com'
+ 'ws://www.freecodecamp.com'
].concat(trusted),
styleSrc: trusted,
imgSrc: [
- '*.evernote.com',
- '*.amazonaws.com',
- 'data:',
- '*.licdn.com',
- '*.gravatar.com',
- '*.akamaihd.net',
- 'graph.facebook.com',
- '*.githubusercontent.com',
- '*.googleusercontent.com',
- /* allow all input since we have user submitted images for public profile*/
+ /* allow all input since we have user submitted images for public profile*/
'*'
].concat(trusted),
fontSrc: ['*.googleapis.com'].concat(trusted),
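Review bot: Dropping `'data:'` from `imgSrc` is a behaviour change rather than a cleanup, because a bare `'*'` in a CSP source list does not match the `data:` scheme, and the visible part of `trusted` does not supply it either. With `reportOnly: false` any data-URI image would then be blocked, so if those are still used keep `'data:',` next to `'*'`. Separately, `connect-src` now lists only `'ws://www.freecodecamp.com'`, a plaintext WebSocket origin; if the site is served over TLS the entry should be `'wss://www.freecodecamp.com'`. The existing comment on `'*'` could also state that it permits image requests to any host, so the trade-off is recorded next to the wildcard.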
@@ -200,7 +183,6 @@ app.use(helmet.contentSecurityPolicy({
'*.gitter.im https:',
'*.vimeo.com',
'*.twitter.com',
- '*.rafflecopter.com',
'*.ghbtns.com'
].concat(trusted),
reportOnly: false, // set to true if you only want to report errors
@@ -214,6 +196,8 @@ app.use(function (req, res, next) {
next();
});
+app.use(express.static(__dirname + '/public', {maxAge: 86400000 }));
+
app.use(function (req, res, next) {
// Remember original destination before login.
var path = req.path.split('/')[1];
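Review bot: The new position of `express.static` is order-dependent but undocumented: it now runs before the middleware that writes `req.session.returnTo`, whereas the next hunk removes it from after that middleware. Presumably this is so asset requests are answered before the session is touched; a one-line comment would keep a later reorder from undoing it, for example `// Static assets are served before the returnTo middleware so asset requests never update the session.` It is also worth confirming that this mount still sits after the `helmet.contentSecurityPolicy` call, so files under `/public` (including the jailed frame) keep receiving the policy header. The returnTo middleware's body continues outside this hunk.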
@@ -225,9 +209,6 @@ app.use(function (req, res, next) {
req.session.returnTo = req.path;
next();
});
-app.use(express.static(__dirname + '/public', {maxAge: 86400000 }));
-app.use('/template', express.static(__dirname +
- '/public/bower_components/angular-ui-bootstrap/template'));
/**
* Main routes.
diff --git a/controllers/user.js b/controllers/user.js
index 43c8b908b4..ddb3ae7030 100644
--- a/controllers/user.js
+++ b/controllers/user.js
@@ -10,8 +10,6 @@ var _ = require('lodash'),
resources = require('./resources'),
R = require('ramda');
-
-
/**
* GET /signin
* Siginin page.
diff --git a/public/js/lib/jailed/_frame.html b/public/js/lib/jailed/_frame.html
index 97d5bb947e..68b300d6e3 100644
--- a/public/js/lib/jailed/_frame.html
+++ b/public/js/lib/jailed/_frame.html
@@ -1 +1 @@
-
+
diff --git a/public/js/lib/jailed/_frame.js b/public/js/lib/jailed/_frame.js
index edf1b51793..34046b89de 100644
--- a/public/js/lib/jailed/_frame.js
+++ b/public/js/lib/jailed/_frame.js
@@ -24,12 +24,19 @@ var blobCode = [
' }); '
].join('\n');
-var blobUrl = window.URL.createObjectURL(
- new Blob([blobCode])
-);
+var blobUrl;
+try {
+ blobUrl = new Blob([blobCode], {type: 'application/javascript'});
+} catch (e) {
+ window.BlobBuilder = window.BlobBuilder
+ || window.WebKitBlobBuilder
+ || window.MozBlobBuilder;
+ blobUrl = new BlobBuilder();
+ blobUrl.append(blobCode);
+ blobUrl = blobUrl.getBlob();
+}
-
-var worker = new Worker(blobUrl);
+var worker = new Worker(URL.createObjectURL(blobUrl));
// telling worker to load _pluginWeb.js (see blob code above)
worker.postMessage({
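Review bot: In the `catch` fallback, `new BlobBuilder()` throws an uncaught TypeError when none of the three vendor constructors exists, so a browser with neither API fails with a misleading error instead of the original one. The variable `blobUrl` now holds a Blob (and briefly a builder), never a URL, which makes the `new Worker(URL.createObjectURL(blobUrl))` line hard to read. The fallback's `getBlob()` also omits the MIME type that the primary path sets, and `URL.createObjectURL` has no `webkitURL` fallback although browsers old enough to need BlobBuilder may need one. The rewrite below keeps the same flow with distinct names, a guard on the legacy constructor, and the type passed on both paths.

```javascript
var blob;
try {
  blob = new Blob([blobCode], {type: 'application/javascript'});
} catch (e) {
  var LegacyBlobBuilder = window.BlobBuilder
    || window.WebKitBlobBuilder
    || window.MozBlobBuilder;
  if (!LegacyBlobBuilder) {
    // Neither Blob nor a vendor BlobBuilder is available: surface the original error.
    throw e;
  }
  var builder = new LegacyBlobBuilder();
  builder.append(blobCode);
  blob = builder.getBlob('application/javascript');
}

var objectUrl = (window.URL || window.webkitURL).createObjectURL(blob);
var worker = new Worker(objectUrl);
// … unchanged: worker.postMessage call …
```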
diff --git a/views/bonfire/show.jade b/views/bonfire/show.jade
index d361cf2a5f..f2284d53a3 100644
--- a/views/bonfire/show.jade
+++ b/views/bonfire/show.jade
@@ -1,21 +1,21 @@
extends ../layout-wide
block content
- script(src='/js/lib/codemirror/lib/codemirror.js')
- script(src='/js/lib/codemirror/addon/edit/closebrackets.js')
- script(src='/js/lib/codemirror/addon/edit/matchbrackets.js')
- script(src='/js/lib/codemirror/addon/lint/lint.js')
- script(src='/js/lib/codemirror/addon/lint/javascript-lint.js')
- script(src='//ajax.aspnetcdn.com/ajax/jshint/r07/jshint.js')
- script(src='/js/lib/chai/chai.js')
+ script(type='text/javascript', src='/js/lib/codemirror/lib/codemirror.js')
+ script(type='text/javascript', src='/js/lib/codemirror/addon/edit/closebrackets.js')
+ script(type='text/javascript', src='/js/lib/codemirror/addon/edit/matchbrackets.js')
+ script(type='text/javascript', src='/js/lib/codemirror/addon/lint/lint.js')
+ script(type='text/javascript', src='/js/lib/codemirror/addon/lint/javascript-lint.js')
+ script(type='text/javascript', src='//ajax.aspnetcdn.com/ajax/jshint/r07/jshint.js')
+ script(type='text/javascript', src='/js/lib/chai/chai.js')
link(rel='stylesheet', href='/js/lib/codemirror/lib/codemirror.css')
link(rel='stylesheet', href='/js/lib/codemirror/addon/lint/lint.css')
link(rel='stylesheet', href='/js/lib/codemirror/theme/monokai.css')
link(rel="stylesheet", href="http://fonts.googleapis.com/css?family=Ubuntu+Mono")
- script(src='/js/lib/codemirror/mode/javascript/javascript.js')
- script(src='/js/lib/jailed/jailed.js')
- script(src='/js/lib/bonfire/bonfireInit.js')
- script(src="//cdnjs.cloudflare.com/ajax/libs/ramda/0.13.0/ramda.min.js")
+ script(type='text/javascript', src='/js/lib/codemirror/mode/javascript/javascript.js')
+ script(type='text/javascript', src='/js/lib/jailed/jailed.js')
+ script(type='text/javascript', src='/js/lib/bonfire/bonfireInit.js')
+ script(type='text/javascript', src="//cdnjs.cloudflare.com/ajax/libs/ramda/0.13.0/ramda.min.js")
.row
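Review bot: The two third-party script tags touched here (jshint from `//ajax.aspnetcdn.com` and ramda from `//cdnjs.cloudflare.com`) are still protocol-relative and carry no integrity check, so on a plain-HTTP page load they are fetched without transport protection and the page runs whatever the CDN returns. Since these lines are being edited anyway, pin the scheme and add Subresource Integrity, for example `script(type='text/javascript', src='https://cdnjs.cloudflare.com/ajax/libs/ramda/0.13.0/ramda.min.js', integrity='sha384-<HASH_PLACEHOLDER>', crossorigin='anonymous')`. The same applies to the jshint tag. Both hosts also need to be covered by the script-src list in `app.js`, which is only partly visible in this diff.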
diff --git a/views/partials/universal-head.jade b/views/partials/universal-head.jade
index 08d62857a7..673c6fe58a 100644
--- a/views/partials/universal-head.jade
+++ b/views/partials/universal-head.jade
@@ -34,6 +34,8 @@ script.
// Leave alone below
script(src="/js/main.js")
+script(src="/bower_components/angular-bootstrap/ui-bootstrap-tpls.min.js")
+
link(rel="stylesheet" type="text/css" href="http://fonts.googleapis.com/css?family=Lato:400|Inconsolata")
link(rel="stylesheet" type="text/css" href="/bower_components/cal-heatmap/cal-heatmap.css")