Merge pull request #25 from daltonmenezes/fix/default-restrictive-htt…

…p-requests fix: default restrictive http requests - closes #24
daltonmenezes · Oct 15, 2023 · 02a454f · 02a454f
2 parents 3614bb9 + c689630
commit 02a454f
Showing 1 changed file with 7 additions and 3 deletions.
diff --git a/src/renderer/index.html b/src/renderer/index.html
@@ -3,9 +3,13 @@
   <head>
     <meta charset="UTF-8" />
 
-    <!-- https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP -->
-    <meta http-equiv="Content-Security-Policy"
-      content="default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'" />
+    <!--
+      https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
+
+      If you want restrict the sources from where you can load resources:
+        <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'" />
+    -->
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self' *; script-src 'self' *; style-src 'self' 'unsafe-inline' *;" />
   </head>
 
   <body>