From 0e233673e32ffff50dd9392fb3c371a9fff8bf0a Mon Sep 17 00:00:00 2001 From: Frederic Guillot Date: Sat, 10 Oct 2015 18:59:06 -0400 Subject: Allow plugins to override CSP rules --- app/Controller/Base.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/Controller/Base.php') diff --git a/app/Controller/Base.php b/app/Controller/Base.php index 480976b0..e0fd59cb 100644 --- a/app/Controller/Base.php +++ b/app/Controller/Base.php @@ -80,7 +80,7 @@ abstract class Base extends \Core\Base private function sendHeaders($action) { // HTTP secure headers - $this->response->csp(array('style-src' => "'self' 'unsafe-inline'", 'img-src' => '* data:')); + $this->response->csp($this->container['cspRules']); $this->response->nosniff(); $this->response->xss(); -- cgit v1.2.3