diff options
author | Marien Fressinaud <dev@marienfressinaud.fr> | 2016-01-23 18:47:47 +0100 |
---|---|---|
committer | Marien Fressinaud <dev@marienfressinaud.fr> | 2016-01-23 18:47:47 +0100 |
commit | 8baa417ecef452ad033cb43b555835e0c3d7397a (patch) | |
tree | dc6e55c899685e6c568727d98cbac277561f869f /app | |
parent | cc93b869916fe34e38c4f49f317abf7c2b8e8f2a (diff) |
Move default-src CSP rule to ClassProvider
It was impossible to override the default-src CSP rule inside a plugin. This commit
fixes this limitation by moving the assignation of the rule from Response class to
ClassProvider.
Diffstat (limited to 'app')
-rw-r--r-- | app/Core/Http/Response.php | 1 | ||||
-rw-r--r-- | app/ServiceProvider/ClassProvider.php | 1 |
2 files changed, 1 insertions, 1 deletions
diff --git a/app/Core/Http/Response.php b/app/Core/Http/Response.php index fdd7d994..7fefddeb 100644 --- a/app/Core/Http/Response.php +++ b/app/Core/Http/Response.php @@ -220,7 +220,6 @@ class Response extends Base */ public function csp(array $policies = array()) { - $policies['default-src'] = "'self'"; $values = ''; foreach ($policies as $policy => $acl) { diff --git a/app/ServiceProvider/ClassProvider.php b/app/ServiceProvider/ClassProvider.php index c56c9259..df4e183b 100644 --- a/app/ServiceProvider/ClassProvider.php +++ b/app/ServiceProvider/ClassProvider.php @@ -168,6 +168,7 @@ class ClassProvider implements ServiceProviderInterface }; $container['cspRules'] = array( + 'default-src' => "'self'", 'style-src' => "'self' 'unsafe-inline'", 'img-src' => '* data:', ); |