From 5fcb35efd606364eb8530880e62d8d3094b9c1f4 Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@statuscode.ch>
Date: Mon, 4 Feb 2013 18:43:26 +0100
Subject: [PATCH] Also allow local files

---
 config/config.sample.php | 2 +-
 lib/template.php         | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/config/config.sample.php b/config/config.sample.php
index 8d6bc74971..05008a0322 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -130,7 +130,7 @@ $CONFIG = array(
 "remember_login_cookie_lifetime" => 60*60*24*15,
 
 /* Custom CSP policy, changing this will overwrite the standard policy */
-"custom_csp_policy" => "default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *; img-src *; font-src data:",
+"custom_csp_policy" => "default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *; img-src *; font-src \'self\' data:",
 
 /* The directory where the user data is stored, default to data in the owncloud
  * directory. The sqlite database is also stored here, when sqlite is used.
diff --git a/lib/template.php b/lib/template.php
index be65d14a9f..fb9f7ad62d 100644
--- a/lib/template.php
+++ b/lib/template.php
@@ -192,7 +192,7 @@ class OC_Template{
 
 		// Content Security Policy
 		// If you change the standard policy, please also change it in config.sample.php
-		$policy = OC_Config::getValue('custom_csp_policy',  'default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *; img-src *; font-src data:');
+		$policy = OC_Config::getValue('custom_csp_policy',  'default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *; img-src *; font-src \'self\' data:');
 		header('Content-Security-Policy:'.$policy); // Standard
 		header('X-WebKit-CSP:'.$policy); // Older webkit browsers
 
-- 
GitLab