mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Update legacy CSP policy 

Aligns it with the one enforced by the AppFramework

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
This commit is contained in:
Lukas Reschke 2017-03-28 23:55:31 +02:00
parent f154b1d32c
commit 3a90ab7e0a
No known key found for this signature in database
GPG Key ID: B9F6980CF6E759B1
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/private/legacy/response.php
View File

@ -253,7 +253,9 @@ class OC_Response {
. 'img-src * data: blob:; '
. 'font-src \'self\' data:; '
. 'media-src *; '
. 'connect-src *';
. 'connect-src *; '
. 'object-src \'none\'; '
. 'base-uri \'self\'; ';
header('Content-Security-Policy:' . $policy);
// Send fallback headers for installations that don't have the possibility to send