allow CSP worker-src blob:

Uwe Steinmann 2018-03-28 17:06:10 +02:00
parent 820b88c9cf
commit 3e2931068e


@ -54,12 +54,13 @@ class SeedDMS_Bootstrap_Style extends SeedDMS_View_Common {
/* We still need unsafe-eval, because printDocumentChooserHtml and
* printFolderChooserHtml will include a javascript file with ajax
* which is evaled by jquery
* worker-src blob: is needed for cytoscape
* X-WebKit-CSP is deprecated, Chrome understands Content-Security-Policy
* since version 25+
* X-Content-Security-Policy is deprecated, Firefox understands
* Content-Security-Policy since version 23+
*/
$csp_rules = "script-src 'self' 'unsafe-eval';"; // style-src 'self';";
$csp_rules = "script-src 'self' 'unsafe-eval'; worker-src blob:;"; // style-src 'self';";
foreach (array("X-WebKit-CSP", "X-Content-Security-Policy", "Content-Security-Policy") as $csp) {
header($csp . ": " . $csp_rules);
}
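Review bot: The new `worker-src blob:;` directive goes into the single `$csp_rules` string that the loop sends on every response passing through this code, while the comment says only cytoscape needs it. If this header is emitted for all views (the enclosing method starts and ends outside the hunk, so this is inferred), consider appending the directive only where cytoscape is loaded, e.g. `if ($needsBlobWorker) $csp_rules .= " worker-src blob:;";`, where `$needsBlobWorker` is a placeholder for whatever flag the view offers. It would also help to extend the comment with a line such as `* blob: workers inherit this page's policy, so 'unsafe-eval' applies inside them as well`, since a later reader tightening script-src needs to know that.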