Allow loading of external fonts

Required by several applications like our pdf viewer
This commit is contained in:
Lukas Reschke 2013-02-04 17:51:52 +01:00
parent b8e6b8692b
commit 8de0f96a24
2 changed files with 2 additions and 2 deletions

View File

@ -130,7 +130,7 @@ $CONFIG = array(
"remember_login_cookie_lifetime" => 60*60*24*15,
/* Custom CSP policy, changing this will overwrite the standard policy */
"custom_csp_policy" => "default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *; img-src *",
"custom_csp_policy" => "default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *; img-src *; font-src *",
/* The directory where the user data is stored, default to data in the owncloud
* directory. The sqlite database is also stored here, when sqlite is used.

View File

@ -192,7 +192,7 @@ class OC_Template{
// Content Security Policy
// If you change the standard policy, please also change it in config.sample.php
$policy = OC_Config::getValue('custom_csp_policy', 'default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *; img-src *');
$policy = OC_Config::getValue('custom_csp_policy', 'default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *; img-src *; font-src *');
header('Content-Security-Policy:'.$policy); // Standard
header('X-WebKit-CSP:'.$policy); // Older webkit browsers