From b3f881748d968779120aa702142ed47eb66251ba Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Thu, 30 Oct 2014 00:00:40 +0100 Subject: [PATCH] Allow any outgoing XHR connections Quickfix for https://github.com/owncloud/core/issues/11064 --- config/config.sample.php | 2 +- lib/private/response.php | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/config/config.sample.php b/config/config.sample.php index d3fa7508ce2..a53521485e6 100644 --- a/config/config.sample.php +++ b/config/config.sample.php @@ -831,7 +831,7 @@ $CONFIG = array( 'custom_csp_policy' => "default-src 'self'; script-src 'self' 'unsafe-eval'; ". "style-src 'self' 'unsafe-inline'; frame-src *; img-src *; ". - "font-src 'self' data:; media-src *", + "font-src 'self' data:; media-src *; connect-src *", /** diff --git a/lib/private/response.php b/lib/private/response.php index caa382af776..cf18115111a 100644 --- a/lib/private/response.php +++ b/lib/private/response.php @@ -212,7 +212,8 @@ class OC_Response { . 'frame-src *; ' . 'img-src *; ' . 'font-src \'self\' data:; ' - . 'media-src *'); + . 'media-src *; ' + . 'connect-src *'); header('Content-Security-Policy:' . $policy); // https://developers.google.com/webmasters/control-crawl-index/docs/robots_meta_tag -- 2.39.5