Merge pull request #18140 from nextcloud/bugfix/17814/csp-svg

Allow inline styles for theming images
author: Roeland Jago Douma <rullzer@users.noreply.github.com> 2019-12-03 10:48:04 +0100
committer: GitHub <noreply@github.com> 2019-12-03 10:48:04 +0100
commit: 2b19da84d5488ea35c6c27c26c78678fd8c5affb (patch)
tree: ac1de21d1066b75b0b244b931a5e5c05bd246e4a /apps/theming
parent: 109aee525d57ba556c0ae9b5d1521aa0a69719ed (diff)
parent: 9691360f6ec2224dd6508d32cc095e320bb27bd5 (diff)
download: nextcloud-server-2b19da84d5488ea35c6c27c26c78678fd8c5affb.tar.gz
nextcloud-server-2b19da84d5488ea35c6c27c26c78678fd8c5affb.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/apps/theming/lib/Controller/ThemingController.php b/apps/theming/lib/Controller/ThemingController.php
index 25c2273279e..34ea22207ce 100644
--- a/apps/theming/lib/Controller/ThemingController.php
+++ b/apps/theming/lib/Controller/ThemingController.php
@@ -379,6 +379,9 @@ class ThemingController extends Controller {
 		}
 
 		$response = new FileDisplayResponse($file);
+		$csp = new Http\ContentSecurityPolicy();
+		$csp->allowInlineStyle();
+		$response->setContentSecurityPolicy($csp);
 		$response->cacheFor(3600);
 		$response->addHeader('Content-Type', $this->config->getAppValue($this->appName, $key . 'Mime', ''));
 		$response->addHeader('Content-Disposition', 'attachment; filename="' . $key . '"');
author	Roeland Jago Douma <rullzer@users.noreply.github.com>	2019-12-03 10:48:04 +0100
committer	GitHub <noreply@github.com>	2019-12-03 10:48:04 +0100
commit	2b19da84d5488ea35c6c27c26c78678fd8c5affb (patch)
tree	ac1de21d1066b75b0b244b931a5e5c05bd246e4a /apps/theming
parent	109aee525d57ba556c0ae9b5d1521aa0a69719ed (diff)
parent	9691360f6ec2224dd6508d32cc095e320bb27bd5 (diff)
download	nextcloud-server-2b19da84d5488ea35c6c27c26c78678fd8c5affb.tar.gz nextcloud-server-2b19da84d5488ea35c6c27c26c78678fd8c5affb.zip