diff options
| author | Lukas Reschke <lukas@owncloud.com> | 2014-10-30 00:00:40 +0100 |
|---|---|---|
| committer | Lukas Reschke <lukas@owncloud.com> | 2014-10-30 00:00:40 +0100 |
| commit | b3f881748d968779120aa702142ed47eb66251ba (patch) | |
| tree | f52075973556081980914548c022e987ab831f7a | |
| parent | e8703f648d70bbe4d5232b9a14e2a1d45bbf2314 (diff) | |
| download | nextcloud-server-b3f881748d968779120aa702142ed47eb66251ba.tar.gz nextcloud-server-b3f881748d968779120aa702142ed47eb66251ba.zip | |
Allow any outgoing XHR connections
Quickfix for https://github.com/owncloud/core/issues/11064
| -rw-r--r-- | config/config.sample.php | 2 | ||||
| -rw-r--r-- | lib/private/response.php | 3 |
2 files changed, 3 insertions, 2 deletions
diff --git a/config/config.sample.php b/config/config.sample.php index d3fa7508ce2..a53521485e6 100644 --- a/config/config.sample.php +++ b/config/config.sample.php @@ -831,7 +831,7 @@ $CONFIG = array( 'custom_csp_policy' => "default-src 'self'; script-src 'self' 'unsafe-eval'; ". "style-src 'self' 'unsafe-inline'; frame-src *; img-src *; ". - "font-src 'self' data:; media-src *", + "font-src 'self' data:; media-src *; connect-src *", /** diff --git a/lib/private/response.php b/lib/private/response.php index caa382af776..cf18115111a 100644 --- a/lib/private/response.php +++ b/lib/private/response.php @@ -212,7 +212,8 @@ class OC_Response { . 'frame-src *; ' . 'img-src *; ' . 'font-src \'self\' data:; ' - . 'media-src *'); + . 'media-src *; ' + . 'connect-src *'); header('Content-Security-Policy:' . $policy); // https://developers.google.com/webmasters/control-crawl-index/docs/robots_meta_tag |