Allow plugins to override CSP rules

author: Frederic Guillot <fred@kanboard.net> 2015-10-10 18:59:06 -0400
committer: Frederic Guillot <fred@kanboard.net> 2015-10-10 18:59:06 -0400
commit: 0e233673e32ffff50dd9392fb3c371a9fff8bf0a (patch)
tree: f7e3b24813c28f122de1b42dcf3784faabb3ae2f /app/Controller
parent: e3521db6a83639b409e2dd7abb19417f3ac0a9cd (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/app/Controller/Base.php b/app/Controller/Base.php
index 480976b0..e0fd59cb 100644
--- a/app/Controller/Base.php
+++ b/app/Controller/Base.php
@@ -80,7 +80,7 @@ abstract class Base extends \Core\Base
     private function sendHeaders($action)
     {
         // HTTP secure headers
-        $this->response->csp(array('style-src' => "'self' 'unsafe-inline'", 'img-src' => '* data:'));
+        $this->response->csp($this->container['cspRules']);
         $this->response->nosniff();
         $this->response->xss();
author	Frederic Guillot <fred@kanboard.net>	2015-10-10 18:59:06 -0400
committer	Frederic Guillot <fred@kanboard.net>	2015-10-10 18:59:06 -0400
commit	0e233673e32ffff50dd9392fb3c371a9fff8bf0a (patch)
tree	f7e3b24813c28f122de1b42dcf3784faabb3ae2f /app/Controller
parent	e3521db6a83639b409e2dd7abb19417f3ac0a9cd (diff)