diff options
Diffstat (limited to 'bootstrap.js')
| -rw-r--r-- | bootstrap.js | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/bootstrap.js b/bootstrap.js index f3f2c90..715e42a 100644 --- a/bootstrap.js +++ b/bootstrap.js @@ -196,12 +196,12 @@ var httpObserver = { try { let csp = subject.getResponseHeader("Content-Security-Policy"); if (gitlab.test(subject.URI.host)) { - csp = csp.replace("script-src ", "script-src " + hashCElements + " "); + csp = csp.replace(/script-src /g, "script-src " + hashCElements + " "); } else { - csp = csp.replace("script-src ", "script-src " + hashBase + " "); + csp = csp.replace(/script-src /g, "script-src " + hashBase + " "); if (isSeaMonkey) { - csp = csp.replace("script-src ", "script-src github.com gist.github.com " + hashSeaMonkey + " "); - csp = csp.replace("default-src 'none'", "default-src github.com gist.github.com"); + csp = csp.replace(/script-src /g, "script-src github.com gist.github.com " + hashSeaMonkey + " "); + csp = csp.replace(/default-src 'none'/g, "default-src github.com gist.github.com"); } } subject.setResponseHeader("Content-Security-Policy", csp, false); @@ -216,7 +216,7 @@ var httpObserver = { newListener.originalListener = subject.setNewListener(newListener); } else if (subject.URI.path.indexOf("/socket-worker-") == 0) { let csp = subject.getResponseHeader("Content-Security-Policy"); - csp = csp.replace("worker-src ", "worker-src github.githubassets.com "); + csp = csp.replace(/worker-src /g, "worker-src github.githubassets.com "); subject.setResponseHeader("Content-Security-Policy", csp, false); } } catch (e) {} |