New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix the Content-Security-Policy header #501

Merged

Changaco merged 1 commit into master from fix-csp

Jan 9, 2017

Member

Changaco commented Jan 9, 2017

Explanation from #498 (comment):

From the CSP reports we've received so far it looks like we need to change 'self' to liberapay.com (actually website.env.canonical_host) for the i18n subdomains to be able to load the assets from the top domain.


          change asset source in CSP from 'self' to main domain

81f8d51

Changaco merged commit 2a8b6f0 into master

Changaco deleted the fix-csp branch

January 9, 2017 09:50

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment