fix(csp): allow stun:/turn: schemes in connect-src

Chrome enforces CSP connect-src for WebRTC ICE servers. Without the
stun/stuns/turn/turns schemes the browser silently dropped STUN/TURN
candidates (only host candidates remained), breaking custom-server
connectivity test results and real cross-network ICE.
lockbitchat
2026-06-16 01:09:02 -04:00
parent 017a590220
commit 6dac4ce52a
+1 -1
@@ -8,7 +8,7 @@
script-src 'self';
style-src 'self' 'unsafe-inline';
font-src 'self' https://fonts.gstatic.com data:;
connect-src 'self' https: wss: ws:;
connect-src 'self' https: wss: ws: stun: stuns: turn: turns:;
img-src 'self' data: https:;
media-src 'none';
object-src 'none';
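Review bot: On the changed connect-src line, the four new sources are bare schemes (stun: stuns: turn: turns:), so every STUN/TURN host is allowed, and nothing near the policy records why WebRTC schemes appear in connect-src. If the custom-server connectivity test needs arbitrary hosts, the scheme-wide form is consistent with the existing https: wss: ws: entries, but please add a short comment beside the directive that points at the ICE candidate loss described in the commit message, so a later tightening pass does not remove the entries again. If only a fixed set of default servers is ever contacted, listing those hosts instead would keep the policy narrower. A regression check that asserts non-host candidates are gathered under this policy would also help, since the failure mode described is silent.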