summaryrefslogtreecommitdiff
path: root/app
diff options
context:
space:
mode:
Diffstat (limited to 'app')
-rw-r--r--app/Controller/Base.php2
-rw-r--r--app/Core/Plugin/Base.php11
-rw-r--r--app/ServiceProvider/ClassProvider.php2
3 files changed, 14 insertions, 1 deletions
diff --git a/app/Controller/Base.php b/app/Controller/Base.php
index 480976b0..e0fd59cb 100644
--- a/app/Controller/Base.php
+++ b/app/Controller/Base.php
@@ -80,7 +80,7 @@ abstract class Base extends \Core\Base
private function sendHeaders($action)
{
// HTTP secure headers
- $this->response->csp(array('style-src' => "'self' 'unsafe-inline'", 'img-src' => '* data:'));
+ $this->response->csp($this->container['cspRules']);
$this->response->nosniff();
$this->response->xss();
diff --git a/app/Core/Plugin/Base.php b/app/Core/Plugin/Base.php
index a72a0cd6..1b7ac8f5 100644
--- a/app/Core/Plugin/Base.php
+++ b/app/Core/Plugin/Base.php
@@ -19,6 +19,17 @@ abstract class Base extends \Core\Base
abstract public function initialize();
/**
+ * Override default CSP rules
+ *
+ * @access public
+ * @param array $rules
+ */
+ public function setContentSecurityPolicy(array $rules)
+ {
+ $this->container['cspRules'] = $rules;
+ }
+
+ /**
* Returns all classes that needs to be stored in the DI container
*
* @access public
diff --git a/app/ServiceProvider/ClassProvider.php b/app/ServiceProvider/ClassProvider.php
index 8a959638..5d157749 100644
--- a/app/ServiceProvider/ClassProvider.php
+++ b/app/ServiceProvider/ClassProvider.php
@@ -126,5 +126,7 @@ class ClassProvider implements ServiceProviderInterface
};
$container['pluginLoader'] = new Loader($container);
+
+ $container['cspRules'] = array('style-src' => "'self' 'unsafe-inline'", 'img-src' => '* data:');
}
}