Merge pull request #11858 from owncloud/fix-11064

Allow any outgoing XHR connections

2 files changed, 3 insertions, 2 deletions

diff --git a/config/config.sample.php b/config/config.sample.php
index d3fa7508ce2..a53521485e6 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -831,7 +831,7 @@ $CONFIG = array(
 'custom_csp_policy' =>
 	"default-src 'self'; script-src 'self' 'unsafe-eval'; ".
 	"style-src 'self' 'unsafe-inline'; frame-src *; img-src *; ".
-	"font-src 'self' data:; media-src *",
+	"font-src 'self' data:; media-src *; connect-src *",
 
 
 /**
diff --git a/lib/private/response.php b/lib/private/response.php
index caa382af776..cf18115111a 100644
--- a/lib/private/response.php
+++ b/lib/private/response.php
@@ -212,7 +212,8 @@ class OC_Response {
 			. 'frame-src *; '
 			. 'img-src *; '
 			. 'font-src \'self\' data:; '
-			. 'media-src *');
+			. 'media-src *; ' 
+			. 'connect-src *');
 		header('Content-Security-Policy:' . $policy);
 
 		// https://developers.google.com/webmasters/control-crawl-index/docs/robots_meta_tag