From 64244e1a4fe3d287fc7764e9f64c65777384fff0 Mon Sep 17 00:00:00 2001 From: Roeland Jago Douma Date: Mon, 7 Jan 2019 13:13:34 +0100 Subject: CSP: Allow fonts to be provided in data Signed-off-by: Roeland Jago Douma --- tests/lib/AppFramework/Http/ResponseTest.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'tests/lib/AppFramework/Http/ResponseTest.php') diff --git a/tests/lib/AppFramework/Http/ResponseTest.php b/tests/lib/AppFramework/Http/ResponseTest.php index 61cfe2cabdc..b7939173673 100644 --- a/tests/lib/AppFramework/Http/ResponseTest.php +++ b/tests/lib/AppFramework/Http/ResponseTest.php @@ -59,14 +59,14 @@ class ResponseTest extends \Test\TestCase { $this->childResponse->setHeaders($expected); $headers = $this->childResponse->getHeaders(); - $expected['Content-Security-Policy'] = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'"; + $expected['Content-Security-Policy'] = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self'"; $this->assertEquals($expected, $headers); } public function testOverwriteCsp() { $expected = [ - 'Content-Security-Policy' => "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';img-src 'self';font-src 'self';connect-src 'self';media-src 'self'", + 'Content-Security-Policy' => "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';img-src 'self';font-src 'self' data:;connect-src 'self';media-src 'self'", ]; $policy = new Http\ContentSecurityPolicy(); $policy->allowInlineScript(true); -- cgit v1.2.3