From e5cc5a0a2d287e0acfd754c79f4f05785ea9a201 Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Fri, 25 Jan 2013 14:26:14 +0100 Subject: [PATCH] Allow the loading of external images --- config/config.sample.php | 2 +- lib/template.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/config/config.sample.php b/config/config.sample.php index 18b7532e8fb..864c66f7e35 100644 --- a/config/config.sample.php +++ b/config/config.sample.php @@ -105,7 +105,7 @@ $CONFIG = array( "remember_login_cookie_lifetime" => 60*60*24*15, /* Custom CSP policy, changing this will overwrite the standard policy */ -"custom_csp_policy" => "default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *", +"custom_csp_policy" => "default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *; img-src *", /* The directory where the user data is stored, default to data in the owncloud * directory. The sqlite database is also stored here, when sqlite is used. diff --git a/lib/template.php b/lib/template.php index a545d91f3c1..da757a08662 100644 --- a/lib/template.php +++ b/lib/template.php @@ -192,7 +192,7 @@ class OC_Template{ // Content Security Policy // If you change the standard policy, please also change it in config.sample.php - $policy = OC_Config::getValue('custom_csp_policy', 'default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *'); + $policy = OC_Config::getValue('custom_csp_policy', 'default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *; img-src *'); header('Content-Security-Policy:'.$policy); // Standard header('X-WebKit-CSP:'.$policy); // Older webkit browsers header('X-Content-Security-Policy:'.$policy); // Mozilla + Internet Explorer -- 2.39.5