fix #156

author: Bernhard Posselt <dev@bernhard-posselt.com> 2015-03-30 16:20:05 +0200
committer: Bernhard Posselt <dev@bernhard-posselt.com> 2015-03-30 16:20:05 +0200
commit: ee3d2332ec97487893ae5f1f46b599c550b25eb6 (patch)
tree: e5a46f12fc027e3deb7c9436160595bb60d99356 /controller
parent: 026ccbc8875fc78b665dec95c308afe8a3c5899e (diff)
1 files changed, 7 insertions, 6 deletions
diff --git a/controller/pagecontroller.php b/controller/pagecontroller.php
index 3b3220598..5768549c6 100644
--- a/controller/pagecontroller.php
+++ b/controller/pagecontroller.php
@@ -72,12 +72,13 @@ class PageController extends Controller {
         ]);
 
         $csp = new ContentSecurityPolicy();
-        $csp->addAllowedImageDomain('*');
-        $csp->addAllowedMediaDomain('*');
-        $csp->addAllowedFrameDomain('https://youtube.com');
-        $csp->addAllowedFrameDomain('https://www.youtube.com');
-        $csp->addAllowedFrameDomain('https://player.vimeo.com');
-        $csp->addAllowedFrameDomain('https://www.player.vimeo.com');
+        $csp->addAllowedImageDomain('*')
+            ->addAllowedMediaDomain('*')
+            ->addAllowedConnectDomain('*')  // chrome breaks on audio elements
+            ->addAllowedFrameDomain('https://youtube.com')
+            ->addAllowedFrameDomain('https://www.youtube.com')
+            ->addAllowedFrameDomain('https://player.vimeo.com')
+            ->addAllowedFrameDomain('https://www.player.vimeo.com');
         $response->setContentSecurityPolicy($csp);
 
         return $response;
author	Bernhard Posselt <dev@bernhard-posselt.com>	2015-03-30 16:20:05 +0200
committer	Bernhard Posselt <dev@bernhard-posselt.com>	2015-03-30 16:20:05 +0200
commit	ee3d2332ec97487893ae5f1f46b599c550b25eb6 (patch)
tree	e5a46f12fc027e3deb7c9436160595bb60d99356 /controller
parent	026ccbc8875fc78b665dec95c308afe8a3c5899e (diff)