Merge pull request #13403 from nextcloud/csp/allow_data_fonts

CSP: Allow fonts to be provided in data
author: Roeland Jago Douma <rullzer@users.noreply.github.com> 2019-01-07 15:39:45 +0100
committer: GitHub <noreply@github.com> 2019-01-07 15:39:45 +0100
commit: 6e4c5a6248ca381dc59a20d553d666ecf15fee99 (patch)
tree: e68fd4bbc5cc979127a6d9b04f8eb03f2f3ce7ba /lib
parent: 8508e296e38852a612816d07b954c3b0308028d8 (diff)
parent: 64244e1a4fe3d287fc7764e9f64c65777384fff0 (diff)
download: nextcloud-server-6e4c5a6248ca381dc59a20d553d666ecf15fee99.tar.gz
nextcloud-server-6e4c5a6248ca381dc59a20d553d666ecf15fee99.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/public/AppFramework/Http/ContentSecurityPolicy.php b/lib/public/AppFramework/Http/ContentSecurityPolicy.php
index e9ecf000364..68aa4b5ddb4 100644
--- a/lib/public/AppFramework/Http/ContentSecurityPolicy.php
+++ b/lib/public/AppFramework/Http/ContentSecurityPolicy.php
@@ -80,6 +80,7 @@ class ContentSecurityPolicy extends EmptyContentSecurityPolicy {
 	/** @var array Domains from which fonts can be loaded */
 	protected $allowedFontDomains = [
 		'\'self\'',
+		'data:',
 	];
 	/** @var array Domains from which web-workers and nested browsing content can load elements */
 	protected $allowedChildSrcDomains = [];
author	Roeland Jago Douma <rullzer@users.noreply.github.com>	2019-01-07 15:39:45 +0100
committer	GitHub <noreply@github.com>	2019-01-07 15:39:45 +0100
commit	6e4c5a6248ca381dc59a20d553d666ecf15fee99 (patch)
tree	e68fd4bbc5cc979127a6d9b04f8eb03f2f3ce7ba /lib
parent	8508e296e38852a612816d07b954c3b0308028d8 (diff)
parent	64244e1a4fe3d287fc7764e9f64c65777384fff0 (diff)
download	nextcloud-server-6e4c5a6248ca381dc59a20d553d666ecf15fee99.tar.gz nextcloud-server-6e4c5a6248ca381dc59a20d553d666ecf15fee99.zip