Merge pull request #4127 from nextcloud/update-legacy-csp-policy
Update legacy CSP policy
This commit is contained in:
commit
dbf6b7ff86
|
@ -253,7 +253,9 @@ class OC_Response {
|
|||
. 'img-src * data: blob:; '
|
||||
. 'font-src \'self\' data:; '
|
||||
. 'media-src *; '
|
||||
. 'connect-src *';
|
||||
. 'connect-src *; '
|
||||
. 'object-src \'none\'; '
|
||||
. 'base-uri \'self\'; ';
|
||||
header('Content-Security-Policy:' . $policy);
|
||||
header('X-Frame-Options: Sameorigin'); // Disallow iFraming from other domains
|
||||
|
||||
|
|
Loading…
Reference in New Issue