gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-10-31 13:18:06 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

add 'worker-src blob:' to csp rule

Browse Source
This commit is contained in:
Uwe Steinmann 2018-11-16 11:36:48 +01:00
parent e6cc38cb22
commit 488b274048
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
views/bootstrap/class.Bootstrap.php
View File

@ -54,8 +54,9 @@ class SeedDMS_Bootstrap_Style extends SeedDMS_View_Common {
* since version 25+
* X-Content-Security-Policy is deprecated, Firefox understands
* Content-Security-Policy since version 23+
* 'worker-src blob:' is needed for cytoscape
*/
$csp_rules = "script-src 'self' 'unsafe-eval';"; // style-src 'self';";
$csp_rules = "script-src 'self' 'unsafe-eval'; worker-src blob:;"; // style-src 'self';";
foreach (array("X-WebKit-CSP", "X-Content-Security-Policy", "Content-Security-Policy") as $csp) {
header($csp . ": " . $csp_rules);
}