Disallow inline JS

author Lukas Reschke <lukas@statuscode.ch>

Sun, 20 Jan 2013 22:30:16 +0000 (23:30 +0100)

committer Lukas Reschke <lukas@statuscode.ch>

Sun, 20 Jan 2013 22:30:16 +0000 (23:30 +0100)
author Lukas Reschke <lukas@statuscode.ch>
Sun, 20 Jan 2013 22:30:16 +0000 (23:30 +0100)
committer Lukas Reschke <lukas@statuscode.ch>
Sun, 20 Jan 2013 22:30:16 +0000 (23:30 +0100)
diff --git a/lib/template.php b/lib/template.php

index 09c2fefd8a13ec40038f480eb698fa816b922779..7ac2b321b335111a07c9112ea61037dfef2ddf50 100644 (file)
--- a/lib/template.php
+++ b/lib/template.php
@@ -190,6 +190,7 @@ class OC_Template{
                 header('X-XSS-Protection: 1; mode=block'); // Enforce browser based XSS filters
                 header('X-Content-Type-Options: nosniff'); // Disable sniffing the content type for IE
                 header('Content-Security-Policy: default-src \'self\'; script-src \'self\' \'unsafe-inline\'; style-src \'self\' \'unsafe-inline\''); // Disallow external ressources + eval()
+               header('X-WebKit-CSP: default-src \'self\'; style-src \'self\' \'unsafe-inline\'');
  
                 $this->findTemplate($name);
         }
author	Lukas Reschke <lukas@statuscode.ch>
	Sun, 20 Jan 2013 22:30:16 +0000 (23:30 +0100)
committer	Lukas Reschke <lukas@statuscode.ch>
	Sun, 20 Jan 2013 22:30:16 +0000 (23:30 +0100)