diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2013-01-23 13:44:43 +0100 |
|---|---|---|
| committer | Lukas Reschke <lukas@statuscode.ch> | 2013-01-23 13:44:43 +0100 |
| commit | 293e7bdcf0b9769a1aaa240b5d61bc20e3673d78 (patch) | |
| tree | c9fecb1d58d1a1cd0b534e908f3982d80c666152 /lib | |
| parent | 0517465f4d2d4ebfebfee66cc4c816495a7ebf7a (diff) | |
| download | nextcloud-server-293e7bdcf0b9769a1aaa240b5d61bc20e3673d78.tar.gz nextcloud-server-293e7bdcf0b9769a1aaa240b5d61bc20e3673d78.zip | |
Notice about changing the standard policy
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/template.php | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/template.php b/lib/template.php index 96ca2c8afb3..a545d91f3c1 100644 --- a/lib/template.php +++ b/lib/template.php @@ -191,6 +191,7 @@ class OC_Template{ header('X-Content-Type-Options: nosniff'); // Disable sniffing the content type for IE // Content Security Policy + // If you change the standard policy, please also change it in config.sample.php $policy = OC_Config::getValue('custom_csp_policy', 'default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *'); header('Content-Security-Policy:'.$policy); // Standard header('X-WebKit-CSP:'.$policy); // Older webkit browsers |