Allow any outgoing XHR connections

author Lukas Reschke <lukas@owncloud.com>

Wed, 29 Oct 2014 23:00:40 +0000 (00:00 +0100)

committer Lukas Reschke <lukas@owncloud.com>

Wed, 29 Oct 2014 23:00:40 +0000 (00:00 +0100)
author Lukas Reschke <lukas@owncloud.com>
Wed, 29 Oct 2014 23:00:40 +0000 (00:00 +0100)
committer Lukas Reschke <lukas@owncloud.com>
Wed, 29 Oct 2014 23:00:40 +0000 (00:00 +0100)
diff --git a/config/config.sample.php b/config/config.sample.php

index d3fa7508ce2965559878d2437d792ada31b9e248..a53521485e6595feb5f51827509fc25de28a142d 100644 (file)
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -831,7 +831,7 @@ $CONFIG = array(
  'custom_csp_policy' =>
         "default-src 'self'; script-src 'self' 'unsafe-eval'; ".
         "style-src 'self' 'unsafe-inline'; frame-src *; img-src *; ".
-       "font-src 'self' data:; media-src *",
+       "font-src 'self' data:; media-src *; connect-src *",
  
  
  /**
diff --git a/lib/private/response.php b/lib/private/response.php

index caa382af77696b856b5d88e0626cb810c568e743..cf18115111a016bd41f8bef00c2968295201d3e7 100644 (file)
--- a/lib/private/response.php
+++ b/lib/private/response.php
@@ -212,7 +212,8 @@ class OC_Response {
                         . 'frame-src *; '
                         . 'img-src *; '
                         . 'font-src \'self\' data:; '
-                       . 'media-src *');
+                       . 'media-src *; ' 
+                       . 'connect-src *');
                 header('Content-Security-Policy:' . $policy);
  
                 // https://developers.google.com/webmasters/control-crawl-index/docs/robots_meta_tag
author	Lukas Reschke <lukas@owncloud.com>
	Wed, 29 Oct 2014 23:00:40 +0000 (00:00 +0100)
committer	Lukas Reschke <lukas@owncloud.com>
	Wed, 29 Oct 2014 23:00:40 +0000 (00:00 +0100)
config/config.sample.php		patch \| blob \| history
lib/private/response.php		patch \| blob \| history