"remember_login_cookie_lifetime" => 60*60*24*15, | "remember_login_cookie_lifetime" => 60*60*24*15, | ||||
/* Custom CSP policy, changing this will overwrite the standard policy */ | /* Custom CSP policy, changing this will overwrite the standard policy */ | ||||
"custom_csp_policy" => "default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *", | |||||
"custom_csp_policy" => "default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *; img-src *", | |||||
/* The directory where the user data is stored, default to data in the owncloud | /* The directory where the user data is stored, default to data in the owncloud | ||||
* directory. The sqlite database is also stored here, when sqlite is used. | * directory. The sqlite database is also stored here, when sqlite is used. |
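Review bot: The sample value on the `custom_csp_policy` line is a double-quoted PHP string, and `\'` is not an escape sequence inside double quotes, so the backslashes stay in the value. An administrator who copies this line into the live config would send `default-src \'self\'; ...` as the header, and browsers will most likely discard those source expressions as invalid, which blocks far more than intended. Drop the backslashes: `"custom_csp_policy" => "default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src *",`. The single-quoted default passed to `OC_Config::getValue()` elsewhere on this page is escaped correctly and needs no change.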
// Content Security Policy | // Content Security Policy | ||||
// If you change the standard policy, please also change it in config.sample.php | // If you change the standard policy, please also change it in config.sample.php | ||||
$policy = OC_Config::getValue('custom_csp_policy', 'default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *'); | |||||
$policy = OC_Config::getValue('custom_csp_policy', 'default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *; img-src *'); | |||||
header('Content-Security-Policy:'.$policy); // Standard | header('Content-Security-Policy:'.$policy); // Standard | ||||
header('X-WebKit-CSP:'.$policy); // Older webkit browsers | header('X-WebKit-CSP:'.$policy); // Older webkit browsers | ||||
header('X-Content-Security-Policy:'.$policy); // Mozilla + Internet Explorer | header('X-Content-Security-Policy:'.$policy); // Mozilla + Internet Explorer |
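Review bot: `img-src *` in the default passed to `OC_Config::getValue()` has two consequences that the comment above the assignment should spell out, since administrators are told to mirror this string in config.sample.php. The wildcard admits images from any host, so a page carrying injected markup can still issue image requests to third-party servers, and `*` does not match the `data:` scheme, so inline data-URI images remain blocked. I would add `// img-src *: images allowed from any host; data: URIs are still blocked. Narrow via custom_csp_policy if remote images are not needed.` above the `$policy` line. The default literal is also duplicated between this call and the sample config, which makes it easy for the two to drift apart. The enclosing function starts and ends outside the hunk.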