commit 2e6a90694098cd295c32978d8f6b826088d51c1e
parent e856016f575a4e4376ccab13be470ce50502b4d8
Author: dankert <devnull@localhost>
Date: Wed, 7 Oct 2009 01:07:28 +0200
Inline-JavaSkript per Content-Policy erlauben.
Diffstat:
1 file changed, 3 insertions(+), 0 deletions(-)
diff --git a/actionClasses/Action.class.php b/actionClasses/Action.class.php
@@ -300,6 +300,9 @@ class Action
$expires = substr(date('r',time()-date('Z')),0,-5).'GMT';
header('Expires: ' .$expires );
+ header('X-Content-Security-Policy: '.'allow *; script-src \'self\'; options \'inline-script\'');
+
+
$httpAccept = getenv('HTTP_ACCEPT');
$types = explode(',',$httpAccept);
