Merge #1166

1166: Add the CDN to the whitelist in the content security policy r=carols10cents

READMEs are not currently rendering in production right now because our
CSP is disallowing requests to the recently-added CDN.

I'm going to deploy this when tests pass bc production is broken right now.

Author: bors-voyager[bot]

src/http.rs

@@ -25,7 +25,14 @@ impl SecurityHeadersMiddleware {
         headers.insert("X-XSS-Protection".into(), vec!["1; mode=block".into()]);
 
         let s3_host = match *uploader {
-            Uploader::S3 { ref bucket, .. } => bucket.host(),
+            Uploader::S3 {
+                ref bucket,
+                ref cdn,
+                ..
+            } => match *cdn {
+                Some(ref s) => s.clone(),
+                None => bucket.host(),
+            },
             _ => unreachable!(
                 "This middleware should only be used in the production environment, \
                  which should also require an S3 uploader, QED"