mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Allow admins to change the CSP policy in the config file

This commit is contained in:
Lukas Reschke 2013-01-23 13:42:52 +01:00
parent b4c3dd84b4
commit 0517465f4d
2 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
config/config.sample.php
View File

@ -104,6 +104,9 @@ $CONFIG = array(
/* Lifetime of the remember login cookie, default is 15 days */
"remember_login_cookie_lifetime" => 60*60*24*15,
/* Custom CSP policy, changing this will overwrite the standard policy */
"custom_csp_policy" => "default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *",
/* The directory where the user data is stored, default to data in the owncloud
* directory. The sqlite database is also stored here, when sqlite is used.
*/

2
lib/template.php
View File

@ -191,7 +191,7 @@ class OC_Template{
header('X-Content-Type-Options: nosniff'); // Disable sniffing the content type for IE
// Content Security Policy
$policy = 'default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *';
$policy = OC_Config::getValue('custom_csp_policy', 'default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *');
header('Content-Security-Policy:'.$policy); // Standard
header('X-WebKit-CSP:'.$policy); // Older webkit browsers
header('X-Content-Security-Policy:'.$policy); // Mozilla + Internet Explorer