diff options
| author | Thomas Müller <thomas.mueller@tmit.eu> | 2015-09-29 15:13:04 +0200 |
|---|---|---|
| committer | Thomas Müller <thomas.mueller@tmit.eu> | 2015-09-29 15:13:04 +0200 |
| commit | 1abd4f52bb5a2300a279d8b9eb0d15d22721b575 (patch) | |
| tree | f76336c4e5ff84eddcc453af91734de6b6d74068 /lib | |
| parent | 733673b39d42507441cd46e42a913f5754c790e8 (diff) | |
| parent | e735a9915cec6a26f7f6d89100fef383c563fd0d (diff) | |
| download | nextcloud-server-1abd4f52bb5a2300a279d8b9eb0d15d22721b575.tar.gz nextcloud-server-1abd4f52bb5a2300a279d8b9eb0d15d22721b575.zip | |
Merge pull request #19440 from owncloud/allow-blob-for-images-per-default
Add blob: scheme to default CSP policy
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/response.php | 2 | ||||
| -rw-r--r-- | lib/public/appframework/http/contentsecuritypolicy.php | 1 |
2 files changed, 2 insertions, 1 deletions
diff --git a/lib/private/response.php b/lib/private/response.php index 14ee92972a9..2cd1d990e51 100644 --- a/lib/private/response.php +++ b/lib/private/response.php @@ -247,7 +247,7 @@ class OC_Response { . 'script-src \'self\' \'unsafe-eval\'; ' . 'style-src \'self\' \'unsafe-inline\'; ' . 'frame-src *; ' - . 'img-src * data:; ' + . 'img-src * data: blob:; ' . 'font-src \'self\' data:; ' . 'media-src *; ' . 'connect-src *'; diff --git a/lib/public/appframework/http/contentsecuritypolicy.php b/lib/public/appframework/http/contentsecuritypolicy.php index ee36f7aac17..07c76f2969c 100644 --- a/lib/public/appframework/http/contentsecuritypolicy.php +++ b/lib/public/appframework/http/contentsecuritypolicy.php @@ -64,6 +64,7 @@ class ContentSecurityPolicy { private $allowedImageDomains = [ '\'self\'', 'data:', + 'blob:', ]; /** @var array Domains to which connections can be done */ private $allowedConnectDomains = [ |