Add the default-src

author: Lukas Reschke <lukas@statuscode.ch> 2013-01-20 12:19:09 +0100
committer: Lukas Reschke <lukas@statuscode.ch> 2013-01-20 12:19:09 +0100
commit: 967b7947a17d772b715e6c060c810d13912e0e67 (patch)
tree: 81e3555f5bda52176afc4e49d8b1b3ec7b46cd8c /lib/template.php
parent: c82d6e51536f4a7f72ad8968e78f8d2a6f7f220c (diff)
download: nextcloud-server-967b7947a17d772b715e6c060c810d13912e0e67.tar.gz
nextcloud-server-967b7947a17d772b715e6c060c810d13912e0e67.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/template.php b/lib/template.php
index fa2df6c67ee..09c2fefd8a1 100644
--- a/lib/template.php
+++ b/lib/template.php
@@ -189,8 +189,8 @@ class OC_Template{
 		header('X-Frame-Options: Sameorigin'); // Disallow iFraming from other domains
 		header('X-XSS-Protection: 1; mode=block'); // Enforce browser based XSS filters
 		header('X-Content-Type-Options: nosniff'); // Disable sniffing the content type for IE
-		header('Content-Security-Policy: script-src \'self\' \'unsafe-inline\'; object-src \'self\''); // Disallow external JS/Flash + eval()
-		
+		header('Content-Security-Policy: default-src \'self\'; script-src \'self\' \'unsafe-inline\'; style-src \'self\' \'unsafe-inline\''); // Disallow external ressources + eval()
+
 		$this->findTemplate($name);
 	}
author	Lukas Reschke <lukas@statuscode.ch>	2013-01-20 12:19:09 +0100
committer	Lukas Reschke <lukas@statuscode.ch>	2013-01-20 12:19:09 +0100
commit	967b7947a17d772b715e6c060c810d13912e0e67 (patch)
tree	81e3555f5bda52176afc4e49d8b1b3ec7b46cd8c /lib/template.php
parent	c82d6e51536f4a7f72ad8968e78f8d2a6f7f220c (diff)
download	nextcloud-server-967b7947a17d772b715e6c060c810d13912e0e67.tar.gz nextcloud-server-967b7947a17d772b715e6c060c810d13912e0e67.zip