Lukas Reschke
11 years ago
2 changed files with 2 additions and 2 deletions
+ 1
- 1
config/config.sample.php
View File
| @@ -105,7 +105,7 @@ $CONFIG = array( | |||
| "remember_login_cookie_lifetime" => 60*60*24*15, | |||
| /* Custom CSP policy, changing this will overwrite the standard policy */ | |||
| "custom_csp_policy" => "default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *", | |||
| "custom_csp_policy" => "default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *; img-src *", | |||
| /* The directory where the user data is stored, default to data in the owncloud | |||
| * directory. The sqlite database is also stored here, when sqlite is used. | |||
+ 1
- 1
lib/template.php
View File
| @@ -192,7 +192,7 @@ class OC_Template{ | |||
| // Content Security Policy | |||
| // If you change the standard policy, please also change it in config.sample.php | |||
| $policy = OC_Config::getValue('custom_csp_policy', 'default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *'); | |||
| $policy = OC_Config::getValue('custom_csp_policy', 'default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *; img-src *'); | |||
| header('Content-Security-Policy:'.$policy); // Standard | |||
| header('X-WebKit-CSP:'.$policy); // Older webkit browsers | |||
| header('X-Content-Security-Policy:'.$policy); // Mozilla + Internet Explorer | |||
Loading…