Commit 90e523ea authored by Morris Jobke's avatar Morris Jobke
Browse files

Merge pull request #11858 from owncloud/fix-11064

Allow any outgoing XHR connections
parents 18f7f582 b3f88174
......@@ -831,7 +831,7 @@ $CONFIG = array(
'custom_csp_policy' =>
"default-src 'self'; script-src 'self' 'unsafe-eval'; ".
"style-src 'self' 'unsafe-inline'; frame-src *; img-src *; ".
"font-src 'self' data:; media-src *",
"font-src 'self' data:; media-src *; connect-src *",
/**
......
......@@ -212,7 +212,8 @@ class OC_Response {
. 'frame-src *; '
. 'img-src *; '
. 'font-src \'self\' data:; '
. 'media-src *');
. 'media-src *; '
. 'connect-src *');
header('Content-Security-Policy:' . $policy);
// https://developers.google.com/webmasters/control-crawl-index/docs/robots_meta_tag
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment