gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-05-14 05:31:42 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

add unsafe-inline to csp rule, because of jquery 3.6.1

Browse Source
This commit is contained in:
Uwe Steinmann 2022-11-24 11:01:14 +01:00
parent 63ca342576
commit 7854f75c8c
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
views/bootstrap4/class.Bootstrap4.php
View File

@ -57,9 +57,11 @@ class SeedDMS_Theme_Style extends SeedDMS_View_Common {
* X-Content-Security-Policy is deprecated, Firefox understands * X-Content-Security-Policy is deprecated, Firefox understands
* Content-Security-Policy since version 23+ * Content-Security-Policy since version 23+
* 'worker-src blob:' is needed for cytoscape * 'worker-src blob:' is needed for cytoscape
* 'unsafe-inline' is needed for jquery 3.6.1 when loading the remote
* content of a modal box
*/ */
$csp_rules = []; $csp_rules = [];
$csp_rule = "script-src 'self' 'unsafe-eval'"; $csp_rule = "script-src 'self' 'unsafe-eval' 'unsafe-inline'";
if($this->nonces) { if($this->nonces) {
$csp_rule .= " 'nonce-".implode("' 'nonce-", $this->nonces)."'"; $csp_rule .= " 'nonce-".implode("' 'nonce-", $this->nonces)."'";
} }