From 35382583dbd0fd9920bc9df1f04363b12fcec657 Mon Sep 17 00:00:00 2001
From: Frederic Guillot <fred@kanboard.net>
Date: Sat, 14 Feb 2015 16:30:32 -0500
Subject: Allow remote images for markdown content

---
 app/Controller/Base.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/Controller/Base.php')

diff --git a/app/Controller/Base.php b/app/Controller/Base.php
index f7ebdbab..548fdb40 100644
--- a/app/Controller/Base.php
+++ b/app/Controller/Base.php
@@ -143,7 +143,7 @@ abstract class Base
     private function sendHeaders($action)
     {
         // HTTP secure headers
-        $this->response->csp(array('style-src' => "'self' 'unsafe-inline'", 'img-src' => "'self' data:"));
+        $this->response->csp(array('style-src' => "'self' 'unsafe-inline'", 'img-src' => '*'));
         $this->response->nosniff();
         $this->response->xss();
 
-- 
cgit v1.2.3