diff options
| author | Lukas Reschke <lukas@owncloud.com> | 2015-09-10 15:00:35 +0200 |
|---|---|---|
| committer | Lukas Reschke <lukas@owncloud.com> | 2015-09-10 15:00:35 +0200 |
| commit | 89cd9295600f6707579240f3f010d4b75a2d85cd (patch) | |
| tree | 3591f24992be477835fcec8cdb72ad8035e1911f /lib | |
| parent | 5e0ad758cfc8e8f1aa1219f88c87e0583e51f63b (diff) | |
| parent | 874ccbfb817569b6e741af477addb287342145d0 (diff) | |
| download | nextcloud-server-89cd9295600f6707579240f3f010d4b75a2d85cd.tar.gz nextcloud-server-89cd9295600f6707579240f3f010d4b75a2d85cd.zip | |
Merge pull request #17791 from owncloud/make-eventsource-compatible-with-win10
Add custom CSP for Win 10 compatibility
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/eventsource.php | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/lib/private/eventsource.php b/lib/private/eventsource.php index c69671c1a75..e2be808e726 100644 --- a/lib/private/eventsource.php +++ b/lib/private/eventsource.php @@ -59,6 +59,17 @@ class OC_EventSource implements \OCP\IEventSource { $this->fallback = isset($_GET['fallback']) and $_GET['fallback'] == 'true'; if ($this->fallback) { $this->fallBackId = (int)$_GET['fallback_id']; + /** + * FIXME: The default content-security-policy of ownCloud forbids inline + * JavaScript for security reasons. IE starting on Windows 10 will + * however also obey the CSP which will break the event source fallback. + * + * As a workaround thus we set a custom policy which allows the execution + * of inline JavaScript. + * + * @link https://github.com/owncloud/core/issues/14286 + */ + header("Content-Security-Policy: default-src 'none'; script-src 'unsafe-inline'"); header("Content-Type: text/html"); echo str_repeat('<span></span>' . PHP_EOL, 10); //dummy data to keep IE happy } else { |