From 8baa417ecef452ad033cb43b555835e0c3d7397a Mon Sep 17 00:00:00 2001
From: Marien Fressinaud
Date: Sat, 23 Jan 2016 18:47:47 +0100
Subject: Move default-src CSP rule to ClassProvider
It was impossible to override the default-src CSP rule inside a plugin. This commit fixes this limitation by moving the assignation of the rule from Response class to ClassProvider.
---
 app/ServiceProvider/ClassProvider.php | 1 +
 1 file changed, 1 insertion(+)
(limited to 'app/ServiceProvider')
diff --git a/app/ServiceProvider/ClassProvider.php b/app/ServiceProvider/ClassProvider.php
index c56c9259..df4e183b 100644
--- a/app/ServiceProvider/ClassProvider.php
+++ b/app/ServiceProvider/ClassProvider.php
@@ -168,6 +168,7 @@ class ClassProvider implements ServiceProviderInterface
 };
 $container['cspRules'] = array(
+ 'default-src' => "'self'",
 'style-src' => "'self' 'unsafe-inline'",
 'img-src' => '* data:',
 );
-- 
cgit v1.2.3
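Review bot: `default-src` is only the fallback for fetch directives, so as far as this `cspRules` array shows, `base-uri`, `form-action` and `frame-ancestors` remain unrestricted even with the added `'default-src' => "'self'"` entry, because those directives do not inherit from it. If the application does not depend on cross-origin form targets or on being framed by other origins, consider adding `'base-uri' => "'self'",`, `'form-action' => "'self'",` and `'frame-ancestors' => "'self'",` next to it. Since the purpose of the move is to let plugins override the rule, a short comment above the array would help, for example `// Baseline CSP: default-src is the fallback for every fetch directive not listed here; plugins should narrow it, not widen it`. The enclosing ClassProvider method starts and ends outside the hunk, and the matching removal from the Response class is not part of this view, so it cannot be confirmed here that Response no longer sets `default-src` itself.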