diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2013-01-25 14:26:14 +0100 |
|---|---|---|
| committer | Lukas Reschke <lukas@statuscode.ch> | 2013-01-25 14:26:14 +0100 |
| commit | e5cc5a0a2d287e0acfd754c79f4f05785ea9a201 (patch) | |
| tree | 03458d864adbaa84220fb611af21d6f9f2b5f0d0 /lib/template.php | |
| parent | 293e7bdcf0b9769a1aaa240b5d61bc20e3673d78 (diff) | |
| download | nextcloud-server-e5cc5a0a2d287e0acfd754c79f4f05785ea9a201.tar.gz nextcloud-server-e5cc5a0a2d287e0acfd754c79f4f05785ea9a201.zip | |
Allow the loading of external images
Diffstat (limited to 'lib/template.php')
| -rw-r--r-- | lib/template.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/template.php b/lib/template.php index a545d91f3c1..da757a08662 100644 --- a/lib/template.php +++ b/lib/template.php @@ -192,7 +192,7 @@ class OC_Template{ // Content Security Policy // If you change the standard policy, please also change it in config.sample.php - $policy = OC_Config::getValue('custom_csp_policy', 'default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *'); + $policy = OC_Config::getValue('custom_csp_policy', 'default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *; img-src *'); header('Content-Security-Policy:'.$policy); // Standard header('X-WebKit-CSP:'.$policy); // Older webkit browsers header('X-Content-Security-Policy:'.$policy); // Mozilla + Internet Explorer |