Notice about changing the standard policy

author Lukas Reschke <lukas@statuscode.ch>

Wed, 23 Jan 2013 12:44:43 +0000 (13:44 +0100)

committer Lukas Reschke <lukas@statuscode.ch>

Wed, 23 Jan 2013 12:44:43 +0000 (13:44 +0100)
author Lukas Reschke <lukas@statuscode.ch>
Wed, 23 Jan 2013 12:44:43 +0000 (13:44 +0100)
committer Lukas Reschke <lukas@statuscode.ch>
Wed, 23 Jan 2013 12:44:43 +0000 (13:44 +0100)
diff --git a/lib/template.php b/lib/template.php

index 96ca2c8afb3fbe86b46e52c2c28769f9a90983bb..a545d91f3c1c0d3c86b7b8a6a6cd444dd155e4be 100644 (file)
--- a/lib/template.php
+++ b/lib/template.php
@@ -191,6 +191,7 @@ class OC_Template{
                 header('X-Content-Type-Options: nosniff'); // Disable sniffing the content type for IE
  
                 // Content Security Policy
+               // If you change the standard policy, please also change it in config.sample.php
                 $policy = OC_Config::getValue('custom_csp_policy',  'default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *');
                 header('Content-Security-Policy:'.$policy); // Standard
                 header('X-WebKit-CSP:'.$policy); // Older webkit browsers
author	Lukas Reschke <lukas@statuscode.ch>
	Wed, 23 Jan 2013 12:44:43 +0000 (13:44 +0100)
committer	Lukas Reschke <lukas@statuscode.ch>
	Wed, 23 Jan 2013 12:44:43 +0000 (13:44 +0100)