From 2c04edfd59806e470444a174a2fbc232c4dd8b19 Mon Sep 17 00:00:00 2001
From: Michael Lange <dingoeatingfuzz@gmail.com>
Date: Fri, 10 Nov 2017 13:28:11 -0800
Subject: [PATCH] Remove the connect-src self restriction for the UI

---
 command/agent/http.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/command/agent/http.go b/command/agent/http.go
index 7eda840d1..891bdf48f 100644
--- a/command/agent/http.go
+++ b/command/agent/http.go
@@ -250,7 +250,7 @@ func (e *codedError) Code() int {
 func handleUI(h http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
 		header := w.Header()
-		header.Add("Content-Security-Policy", "default-src 'none'; connect-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'none'; frame-ancestors 'none'")
+		header.Add("Content-Security-Policy", "default-src 'none'; connect-src *; img-src 'self' data:; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'none'; frame-ancestors 'none'")
 		h.ServeHTTP(w, req)
 		return
 	})