From 0e233673e32ffff50dd9392fb3c371a9fff8bf0a Mon Sep 17 00:00:00 2001
From: Frederic Guillot <fred@kanboard.net>
Date: Sat, 10 Oct 2015 18:59:06 -0400
Subject: Allow plugins to override CSP rules

---
 app/Controller/Base.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/Controller')

diff --git a/app/Controller/Base.php b/app/Controller/Base.php
index 480976b0..e0fd59cb 100644
--- a/app/Controller/Base.php
+++ b/app/Controller/Base.php
@@ -80,7 +80,7 @@ abstract class Base extends \Core\Base
     private function sendHeaders($action)
     {
         // HTTP secure headers
-        $this->response->csp(array('style-src' => "'self' 'unsafe-inline'", 'img-src' => '* data:'));
+        $this->response->csp($this->container['cspRules']);
         $this->response->nosniff();
         $this->response->xss();
 
-- 
cgit v1.2.3