dcouture authored
Allowing the entire sourcegraph instance creates a possibility for CSP bypass as it's possible to host arbitrary javascript on sourcegraph. This change restricts the allowed sourcegraph URLs to the api

Changelog: security
29399b2e