Merge pull request #402 from git-marijus/dev

another try on #385 - replace sabres restrictive CSP with what we do in boot.php
author: hubzilla <git@macgirvin.com> 2016-05-26 14:25:48 +1000
committer: hubzilla <git@macgirvin.com> 2016-05-26 14:25:48 +1000
commit: 2a9c1db0c9bd9927598bf082a9da501264ba4c8e (patch)
tree: 3357fb48006343eac89ff4c3374c7f21cf0944f3 /Zotlabs/Storage/Browser.php
parent: 4716627453c811bd6be6bf72afd83f43ab1abfc0 (diff)
parent: 929d33fb22754e8525f3054b321891335b522faa (diff)
download: volse-hubzilla-2a9c1db0c9bd9927598bf082a9da501264ba4c8e.tar.gz
volse-hubzilla-2a9c1db0c9bd9927598bf082a9da501264ba4c8e.tar.bz2
volse-hubzilla-2a9c1db0c9bd9927598bf082a9da501264ba4c8e.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/Zotlabs/Storage/Browser.php b/Zotlabs/Storage/Browser.php
index 3556f7f06..f875cbf33 100644
--- a/Zotlabs/Storage/Browser.php
+++ b/Zotlabs/Storage/Browser.php
@@ -256,6 +256,7 @@ class Browser extends DAV\Browser\Plugin {
 				$func($a);
 			}
 		}
+		$this->server->httpResponse->setHeader('Content-Security-Policy', "script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'");
 		construct_page($a);
 	}
author	hubzilla <git@macgirvin.com>	2016-05-26 14:25:48 +1000
committer	hubzilla <git@macgirvin.com>	2016-05-26 14:25:48 +1000
commit	2a9c1db0c9bd9927598bf082a9da501264ba4c8e (patch)
tree	3357fb48006343eac89ff4c3374c7f21cf0944f3 /Zotlabs/Storage/Browser.php
parent	4716627453c811bd6be6bf72afd83f43ab1abfc0 (diff)
parent	929d33fb22754e8525f3054b321891335b522faa (diff)
download	volse-hubzilla-2a9c1db0c9bd9927598bf082a9da501264ba4c8e.tar.gz volse-hubzilla-2a9c1db0c9bd9927598bf082a9da501264ba4c8e.tar.bz2 volse-hubzilla-2a9c1db0c9bd9927598bf082a9da501264ba4c8e.zip