From 8baa417ecef452ad033cb43b555835e0c3d7397a Mon Sep 17 00:00:00 2001
From: Marien Fressinaud <dev@marienfressinaud.fr>
Date: Sat, 23 Jan 2016 18:47:47 +0100
Subject: Move default-src CSP rule to ClassProvider

It was impossible to override the default-src CSP rule inside a plugin. This commit
fixes this limitation by moving the assignation of the rule from Response class to
ClassProvider.
---
 app/Core/Http/Response.php | 1 -
 1 file changed, 1 deletion(-)

(limited to 'app/Core')

diff --git a/app/Core/Http/Response.php b/app/Core/Http/Response.php
index fdd7d994..7fefddeb 100644
--- a/app/Core/Http/Response.php
+++ b/app/Core/Http/Response.php
@@ -220,7 +220,6 @@ class Response extends Base
      */
     public function csp(array $policies = array())
     {
-        $policies['default-src'] = "'self'";
         $values = '';
 
         foreach ($policies as $policy => $acl) {
-- 
cgit v1.2.3