Allow admins to change the CSP policy in the config file

author: Lukas Reschke <lukas@statuscode.ch> 2013-01-23 13:42:52 +0100
committer: Lukas Reschke <lukas@statuscode.ch> 2013-01-23 13:42:52 +0100
commit: 0517465f4d2d4ebfebfee66cc4c816495a7ebf7a (patch)
tree: d9797aee1a3d470bb0fa9f4239118f2e32613f92 /lib/template.php
parent: b4c3dd84b405b5cdd463cc0e82762b4d8d29f382 (diff)
download: nextcloud-server-0517465f4d2d4ebfebfee66cc4c816495a7ebf7a.tar.gz
nextcloud-server-0517465f4d2d4ebfebfee66cc4c816495a7ebf7a.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/template.php b/lib/template.php
index 632268b0023..96ca2c8afb3 100644
--- a/lib/template.php
+++ b/lib/template.php
@@ -191,7 +191,7 @@ class OC_Template{
 		header('X-Content-Type-Options: nosniff'); // Disable sniffing the content type for IE
 
 		// Content Security Policy
-		$policy = 'default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *';
+		$policy = OC_Config::getValue('custom_csp_policy',  'default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *');
 		header('Content-Security-Policy:'.$policy); // Standard
 		header('X-WebKit-CSP:'.$policy); // Older webkit browsers
 		header('X-Content-Security-Policy:'.$policy); // Mozilla + Internet Explorer
author	Lukas Reschke <lukas@statuscode.ch>	2013-01-23 13:42:52 +0100
committer	Lukas Reschke <lukas@statuscode.ch>	2013-01-23 13:42:52 +0100
commit	0517465f4d2d4ebfebfee66cc4c816495a7ebf7a (patch)
tree	d9797aee1a3d470bb0fa9f4239118f2e32613f92 /lib/template.php
parent	b4c3dd84b405b5cdd463cc0e82762b4d8d29f382 (diff)
download	nextcloud-server-0517465f4d2d4ebfebfee66cc4c816495a7ebf7a.tar.gz nextcloud-server-0517465f4d2d4ebfebfee66cc4c816495a7ebf7a.zip