diff options
| author | Frederic Guillot <fred@kanboard.net> | 2015-02-14 16:11:13 -0500 |
|---|---|---|
| committer | Frederic Guillot <fred@kanboard.net> | 2015-02-14 16:11:13 -0500 |
| commit | f7e4c3928aba9cb7f5222cb4af67846312bbb435 (patch) | |
| tree | 78f5854a0bdc538c977bad718a11d605a4caaca6 /app/Controller/Base.php | |
| parent | 364382b1b58db8bf1bd2c8866e21c869a7a5d6d0 (diff) | |
Refactoring/simplification of the pull-request about links
Diffstat (limited to 'app/Controller/Base.php')
| -rw-r--r-- | app/Controller/Base.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/app/Controller/Base.php b/app/Controller/Base.php index 2c8b5cde..76a81612 100644 --- a/app/Controller/Base.php +++ b/app/Controller/Base.php @@ -141,7 +141,7 @@ abstract class Base private function sendHeaders($action) { // HTTP secure headers - $this->response->csp(array('style-src' => "'self' 'unsafe-inline'")); + $this->response->csp(array('style-src' => "'self' 'unsafe-inline'", 'img-src' => "'self' data:")); $this->response->nosniff(); $this->response->xss(); @@ -201,7 +201,7 @@ abstract class Base { $project_id = $this->request->getIntegerParam('project_id'); $task_id = $this->request->getIntegerParam('task_id'); - + // Allow urls without "project_id" if ($task_id > 0 && $project_id === 0) { $project_id = $this->taskFinder->getProjectId($task_id); |