Skip to content
Snippets Groups Projects
Commit 5fcb35ef authored by Lukas Reschke's avatar Lukas Reschke
Browse files

Also allow local files

parent bb90b0ee
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
config/config.sample.php
+ 1
1
View file @ 5fcb35ef
......@@ -130,7 +130,7 @@ $CONFIG = array(
"remember_login_cookie_lifetime" => 60*60*24*15,
/* Custom CSP policy, changing this will overwrite the standard policy */
"custom_csp_policy" => "default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *; img-src *; font-src data:",
"custom_csp_policy" => "default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *; img-src *; font-src \'self\' data:",
/* The directory where the user data is stored, default to data in the owncloud
* directory. The sqlite database is also stored here, when sqlite is used.
......
lib/template.php
+ 1
1
View file @ 5fcb35ef
......@@ -192,7 +192,7 @@ class OC_Template{
// Content Security Policy
// If you change the standard policy, please also change it in config.sample.php
$policy = OC_Config::getValue('custom_csp_policy', 'default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *; img-src *; font-src data:');
$policy = OC_Config::getValue('custom_csp_policy', 'default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *; img-src *; font-src \'self\' data:');
header('Content-Security-Policy:'.$policy); // Standard
header('X-WebKit-CSP:'.$policy); // Older webkit browsers
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment