summaryrefslogtreecommitdiffstats
path: root/lib/public
diff options
context:
space:
mode:
authorRoeland Jago Douma <roeland@famdouma.nl>2019-01-07 13:13:34 +0100
committerBackportbot <backportbot-noreply@rullzer.com>2019-01-07 14:40:23 +0000
commitde30c11cf34141ea32d8f8706189d9190de41b76 (patch)
tree9d4d9bbe23fa64ff51e0797f82163655a9022aa5 /lib/public
parentd21bc0e314a8376f8a3f180b23c89e599ce44c8f (diff)
downloadnextcloud-server-de30c11cf34141ea32d8f8706189d9190de41b76.tar.gz
nextcloud-server-de30c11cf34141ea32d8f8706189d9190de41b76.zip
CSP: Allow fonts to be provided in data
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'lib/public')
-rw-r--r--lib/public/AppFramework/Http/ContentSecurityPolicy.php1
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/public/AppFramework/Http/ContentSecurityPolicy.php b/lib/public/AppFramework/Http/ContentSecurityPolicy.php
index e9ecf000364..68aa4b5ddb4 100644
--- a/lib/public/AppFramework/Http/ContentSecurityPolicy.php
+++ b/lib/public/AppFramework/Http/ContentSecurityPolicy.php
@@ -80,6 +80,7 @@ class ContentSecurityPolicy extends EmptyContentSecurityPolicy {
/** @var array Domains from which fonts can be loaded */
protected $allowedFontDomains = [
'\'self\'',
+ 'data:',
];
/** @var array Domains from which web-workers and nested browsing content can load elements */
protected $allowedChildSrcDomains = [];