authorThomas Müller <thomas.mueller@tmit.eu>2015-09-30 16:11:06 +0200
committerThomas Müller <thomas.mueller@tmit.eu>2015-09-30 16:11:06 +0200
commit9a81eca7ba20c01135e6d1fb03ad9e7e88c1167a (patch)
treec73be837b9aedfa7e5f8ba95f0cde08f30045934 /lib
parentb9e0e6a5733ab6969501dbc7a6c3ac6c8a84175d (diff)
parent1a167dd5acdbfa771b0a32af93add0ffe5e4884f (diff)
downloadnextcloud-server-9a81eca7ba20c01135e6d1fb03ad9e7e88c1167a.tar.gz
nextcloud-server-9a81eca7ba20c01135e6d1fb03ad9e7e88c1167a.zip
Merge pull request #19450 from owncloud/stable8.1-backport-19440-19426
Stable8.1 backport 19440 19426
Diffstat (limited to 'lib')
-rw-r--r--lib/private/response.php2
-rw-r--r--lib/public/appframework/http/contentsecuritypolicy.php2
2 files changed, 3 insertions, 1 deletions
diff --git a/lib/private/response.php b/lib/private/response.php
index f1a429463f2..2cd1d990e51 100644
--- a/lib/private/response.php
+++ b/lib/private/response.php
@@ -247,7 +247,7 @@ class OC_Response {
. 'script-src \'self\' \'unsafe-eval\'; '
. 'style-src \'self\' \'unsafe-inline\'; '
. 'frame-src *; '
- . 'img-src *; '
+ . 'img-src * data: blob:; '
. 'font-src \'self\' data:; '
. 'media-src *; '
. 'connect-src *';
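Review bot: The new `img-src * data: blob:` value has no comment explaining why the two schemes sit next to `*`, so a later reader may take them for redundant and drop them. In CSP the `*` wildcard does not match `data:` or `blob:` URLs, which a comment above the line could record: `// '*' does not cover the data: and blob: schemes; they must be listed explicitly`. The same two schemes are also added to the defaults in lib/public/appframework/http/contentsecuritypolicy.php in this commit, so the policy is defined in two places that must be kept in step by hand. The lists already differ, with `*` here and `'self'` there. The statement that builds this policy string starts outside the hunk.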
diff --git a/lib/public/appframework/http/contentsecuritypolicy.php b/lib/public/appframework/http/contentsecuritypolicy.php
index 9c7218dc8ba..07c76f2969c 100644
--- a/lib/public/appframework/http/contentsecuritypolicy.php
+++ b/lib/public/appframework/http/contentsecuritypolicy.php
@@ -63,6 +63,8 @@ class ContentSecurityPolicy {
/** @var array Domains from which images can get loaded */
private $allowedImageDomains = [
'\'self\'',
+ 'data:',
+ 'blob:',
];
/** @var array Domains to which connections can be done */
private $allowedConnectDomains = [
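Review bot: The docblock on `$allowedImageDomains` still says "Domains", but `data:` and `blob:` are URI schemes. Because they are added to the class default, every response built from this policy now allows them, whether or not the app needs inline or blob images. I would change the docblock to `/** @var array Domains and URI schemes from which images can get loaded */` and state there that the two schemes are in the default on purpose. Whether an app can remove a default entry is not visible in this hunk. If it cannot, apps that render user-supplied markup have no way back to the stricter `'self'`-only image policy, which is worth confirming. The class body continues outside the hunk.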