Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Meteor browser policy
// First install the browser policy package:
// meteor add browser-policy
BrowserPolicy.framing.disallow();
BrowserPolicy.content.disallowInlineScripts();
BrowserPolicy.content.disallowEval();
BrowserPolicy.content.allowInlineStyles();
BrowserPolicy.content.allowFontDataUrl();
// Change these to whatever services your app needs access to
trusted = [
'*.google-analytics.com',
'*.googleapis.com',
'*.gstatic.com',
'*.stripe.com',
'*.facebook.com',
'*.akamaihd.net',
'*.github.com',
'*.disquscdn.com',
'*.cloudfront.net'
];
_.each(trusted, function(origin) {
return BrowserPolicy.content.allowOriginForAll(origin);
});
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.