]> source.dussan.org Git - nextcloud-server.git/commitdiff
Allow loading of external fonts
authorLukas Reschke <lukas@statuscode.ch>
Mon, 4 Feb 2013 16:51:52 +0000 (17:51 +0100)
committerLukas Reschke <lukas@statuscode.ch>
Mon, 4 Feb 2013 16:51:52 +0000 (17:51 +0100)
Required by several applications like our pdf viewer

config/config.sample.php
lib/template.php

index 5264e94820058be2e40937b255e23bb47e49f7d6..1eec4c91c705fdbf9cc0a91ab97abd6a8cfed863 100644 (file)
@@ -130,7 +130,7 @@ $CONFIG = array(
 "remember_login_cookie_lifetime" => 60*60*24*15,
 
 /* Custom CSP policy, changing this will overwrite the standard policy */
-"custom_csp_policy" => "default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *; img-src *",
+"custom_csp_policy" => "default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *; img-src *; font-src *",
 
 /* The directory where the user data is stored, default to data in the owncloud
  * directory. The sqlite database is also stored here, when sqlite is used.
index 238d8a8ad0f5ece69cc509b235c1057eb2af64be..ebcc2b879c8a5aedf3456f71ddd5e7257542b52b 100644 (file)
@@ -192,7 +192,7 @@ class OC_Template{
 
                // Content Security Policy
                // If you change the standard policy, please also change it in config.sample.php
-               $policy = OC_Config::getValue('custom_csp_policy',  'default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *; img-src *');
+               $policy = OC_Config::getValue('custom_csp_policy',  'default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *; img-src *; font-src *');
                header('Content-Security-Policy:'.$policy); // Standard
                header('X-WebKit-CSP:'.$policy); // Older webkit browsers