From ee3d2332ec97487893ae5f1f46b599c550b25eb6 Mon Sep 17 00:00:00 2001
From: Bernhard Posselt <dev@bernhard-posselt.com>
Date: Mon, 30 Mar 2015 16:20:05 +0200
Subject: fix #156

---
 controller/pagecontroller.php | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

(limited to 'controller')

diff --git a/controller/pagecontroller.php b/controller/pagecontroller.php
index 3b3220598..5768549c6 100644
--- a/controller/pagecontroller.php
+++ b/controller/pagecontroller.php
@@ -72,12 +72,13 @@ class PageController extends Controller {
         ]);
 
         $csp = new ContentSecurityPolicy();
-        $csp->addAllowedImageDomain('*');
-        $csp->addAllowedMediaDomain('*');
-        $csp->addAllowedFrameDomain('https://youtube.com');
-        $csp->addAllowedFrameDomain('https://www.youtube.com');
-        $csp->addAllowedFrameDomain('https://player.vimeo.com');
-        $csp->addAllowedFrameDomain('https://www.player.vimeo.com');
+        $csp->addAllowedImageDomain('*')
+            ->addAllowedMediaDomain('*')
+            ->addAllowedConnectDomain('*')  // chrome breaks on audio elements
+            ->addAllowedFrameDomain('https://youtube.com')
+            ->addAllowedFrameDomain('https://www.youtube.com')
+            ->addAllowedFrameDomain('https://player.vimeo.com')
+            ->addAllowedFrameDomain('https://www.player.vimeo.com');
         $response->setContentSecurityPolicy($csp);
 
         return $response;
-- 
cgit v1.2.3