Update legacy CSP policy
Aligns the legacy policy with the one enforced by the AppFramework.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
parent
f154b1d32c
commit
3a90ab7e0a
|
@ -253,7 +253,9 @@ class OC_Response {
|
||||||
. 'img-src * data: blob:; '
|
. 'img-src * data: blob:; '
|
||||||
. 'font-src \'self\' data:; '
|
. 'font-src \'self\' data:; '
|
||||||
. 'media-src *; '
|
. 'media-src *; '
|
||||||
. 'connect-src *';
|
. 'connect-src *; '
|
||||||
|
. 'object-src \'none\'; '
|
||||||
|
. 'base-uri \'self\'; ';
|
||||||
header('Content-Security-Policy:' . $policy);
|
header('Content-Security-Policy:' . $policy);
|
||||||
|
|
||||||
// Send fallback headers for installations that don't have the possibility to send
|
// Send fallback headers for installations that don't have the possibility to send
|
||||||
|
|
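Review bot: `connect-src *`, on the line just before the two added directives, still allows page script to open XHR, fetch and WebSocket connections to any origin, so the tightened policy keeps an outbound channel for any script that does manage to run. If the AppFramework policy being matched here restricts connections, use the same value, e.g. `. 'connect-src \'self\'; '`; if the wildcard is deliberate, state the reason in a comment next to it. Because this string is a hand-maintained copy of that policy, a comment above the assignment such as `// Keep in sync with the CSP enforced by the AppFramework` would help prevent the two from drifting apart again. The policy string begins above the hunk, so default-src, script-src and the non-fallback directives form-action and frame-ancestors could not be checked from here.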