author | Lukas Reschke <lukas@statuscode.ch> | 2017-03-28 23:55:31 +0200 |
---|---|---|
committer | Lukas Reschke <lukas@statuscode.ch> | 2017-03-28 23:55:31 +0200 |
commit | 3a90ab7e0a6e3d99f41c0735b592adff246a9e15 (patch) | |
tree | 261a4869513ccf4da016de1c2d01f9f257e2d108 /lib/private/legacy | |
parent | f154b1d32ce0d469e5c4f96195e169f1aa4d5406 (diff) | |
download | nextcloud-server-3a90ab7e0a6e3d99f41c0735b592adff246a9e15.tar.gz nextcloud-server-3a90ab7e0a6e3d99f41c0735b592adff246a9e15.zip |
Update legacy CSP policy
Aligns it with the one enforced by the AppFramework
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Diffstat (limited to 'lib/private/legacy')
-rw-r--r-- | lib/private/legacy/response.php | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/private/legacy/response.php b/lib/private/legacy/response.php
index 69c84e2df68..d5c9ed78f64 100644
--- a/lib/private/legacy/response.php
+++ b/lib/private/legacy/response.php
@@ -253,7 +253,9 @@ class OC_Response {
 . 'img-src * data: blob:; '
 . 'font-src \'self\' data:; '
 . 'media-src *; '
- . 'connect-src *';
+ . 'connect-src *; '
+ . 'object-src \'none\'; '
+ . 'base-uri \'self\'; ';
 header('Content-Security-Policy:' . $policy);
 // Send fallback headers for installations that don't have the possibility to send |
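Review bot: The legacy policy remains a hand-written string that duplicates the AppFramework policy, and nothing at the two added directives tells a maintainer that the copies must stay aligned or why each directive is there. The commit message indicates the two had already drifted, so I would add a comment above the new lines such as `// Keep in sync with the AppFramework default CSP: object-src 'none' blocks plugin content, base-uri 'self' stops an injected <base> tag from re-pointing relative URLs`. The `$policy` assignment starts above the hunk, so `default-src`, `script-src` and any framing directives cannot be checked from here. The wildcard `connect-src *`, `media-src *` and `img-src *` visible in the context lines are unchanged by this commit and may deserve a separate comparison against the AppFramework defaults.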