Skip to content
Snippets Groups Projects
Commit 8de0f96a authored by Lukas Reschke's avatar Lukas Reschke
Browse files

Allow loading of external fonts

Required by several applications like our pdf viewer
parent b8e6b869
Branches
No related tags found
No related merge requests found
......@@ -130,7 +130,7 @@ $CONFIG = array(
"remember_login_cookie_lifetime" => 60*60*24*15,
/* Custom CSP policy, changing this will overwrite the standard policy */
"custom_csp_policy" => "default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *; img-src *",
"custom_csp_policy" => "default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *; img-src *; font-src *",
/* The directory where the user data is stored, default to data in the owncloud
* directory. The sqlite database is also stored here, when sqlite is used.
......
......@@ -192,7 +192,7 @@ class OC_Template{
// Content Security Policy
// If you change the standard policy, please also change it in config.sample.php
$policy = OC_Config::getValue('custom_csp_policy', 'default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *; img-src *');
$policy = OC_Config::getValue('custom_csp_policy', 'default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *; img-src *; font-src *');
header('Content-Security-Policy:'.$policy); // Standard
header('X-WebKit-CSP:'.$policy); // Older webkit browsers
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment