upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-09 00:32:29 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 35

Merge pull request #4127 from nextcloud/update-legacy-csp-policy

Browse source 
Update legacy CSP policy
This commit is contained in:
Morris Jobke 2017-03-28 17:47:32 -06:00 committed by GitHub
commit dbf6b7ff86
1 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
lib/private/legacy/response.php
View file

@ -253,7 +253,9 @@ class OC_Response {
. 'img-src * data: blob:; '
. 'font-src \'self\' data:; '
. 'media-src *; '
. 'connect-src *';
. 'connect-src *; '
. 'object-src \'none\'; '
. 'base-uri \'self\'; ';
header('Content-Security-Policy:' . $policy);
header('X-Frame-Options: Sameorigin'); // Disallow iFraming from other domains