From 929d33fb22754e8525f3054b321891335b522faa Mon Sep 17 00:00:00 2001
From: Mario Vavti <mario@mariovavti.com>
Date: Wed, 25 May 2016 14:18:41 +0200
Subject: another try on #385 - replace sabres restrictive CSP with what we do
 in boot.php

---
 Zotlabs/Module/Cloud.php    | 3 +++
 Zotlabs/Storage/Browser.php | 1 +
 2 files changed, 4 insertions(+)

diff --git a/Zotlabs/Module/Cloud.php b/Zotlabs/Module/Cloud.php
index d9b0c47d4..b691475ce 100644
--- a/Zotlabs/Module/Cloud.php
+++ b/Zotlabs/Module/Cloud.php
@@ -100,9 +100,12 @@ class Cloud extends \Zotlabs\Web\Controller {
 	//	require_once('\Zotlabs\Storage/QuotaPlugin.php');
 	//	$server->addPlugin(new \Zotlabs\Storage\\QuotaPlugin($auth));
 	
+		ob_start();
 		// All we need to do now, is to fire up the server
 		$server->exec();
 
+		ob_end_flush();
+
 		killme();
 	}
 	
diff --git a/Zotlabs/Storage/Browser.php b/Zotlabs/Storage/Browser.php
index 3556f7f06..f875cbf33 100644
--- a/Zotlabs/Storage/Browser.php
+++ b/Zotlabs/Storage/Browser.php
@@ -256,6 +256,7 @@ class Browser extends DAV\Browser\Plugin {
 				$func($a);
 			}
 		}
+		$this->server->httpResponse->setHeader('Content-Security-Policy', "script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'");
 		construct_page($a);
 	}
 
-- 
cgit v1.2.3