aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMario Vavti <mario@mariovavti.com>2016-05-25 14:18:41 +0200
committerMario Vavti <mario@mariovavti.com>2016-05-25 14:18:41 +0200
commit929d33fb22754e8525f3054b321891335b522faa (patch)
treec747dcc0d67eba29867630c9bd01f65b00eb02d7
parentc37eaff26331c49a2c8754f6d49c6145863f47ca (diff)
downloadvolse-hubzilla-929d33fb22754e8525f3054b321891335b522faa.tar.gz
volse-hubzilla-929d33fb22754e8525f3054b321891335b522faa.tar.bz2
volse-hubzilla-929d33fb22754e8525f3054b321891335b522faa.zip
another try on #385 - replace sabres restrictive CSP with what we do in boot.php
-rw-r--r--Zotlabs/Module/Cloud.php3
-rw-r--r--Zotlabs/Storage/Browser.php1
2 files changed, 4 insertions, 0 deletions
diff --git a/Zotlabs/Module/Cloud.php b/Zotlabs/Module/Cloud.php
index d9b0c47d4..b691475ce 100644
--- a/Zotlabs/Module/Cloud.php
+++ b/Zotlabs/Module/Cloud.php
@@ -100,9 +100,12 @@ class Cloud extends \Zotlabs\Web\Controller {
// require_once('\Zotlabs\Storage/QuotaPlugin.php');
// $server->addPlugin(new \Zotlabs\Storage\\QuotaPlugin($auth));
+ ob_start();
// All we need to do now, is to fire up the server
$server->exec();
+ ob_end_flush();
+
killme();
}
diff --git a/Zotlabs/Storage/Browser.php b/Zotlabs/Storage/Browser.php
index 3556f7f06..f875cbf33 100644
--- a/Zotlabs/Storage/Browser.php
+++ b/Zotlabs/Storage/Browser.php
@@ -256,6 +256,7 @@ class Browser extends DAV\Browser\Plugin {
$func($a);
}
}
+ $this->server->httpResponse->setHeader('Content-Security-Policy', "script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'");
construct_page($a);
}