openrat-cms


commit 65ff0c4626c6d2268b63db59f23bb9d8e1b01e6c
parent 0ad18e590ee0ee20444ed3009abb7a5054674d73
Author: Jan Dankert <devnull@localhost>
Date:   Sun, 31 Dec 2017 02:47:29 +0100

Content-Security-Policy als Array aufbauen.

Diffstat:
modules/cms-ui/UI.class.php | 14++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/modules/cms-ui/UI.class.php b/modules/cms-ui/UI.class.php
@@ -42,8 +42,18 @@ class UI
 $dispatcher->subaction = $subaction;
 define('OR_METHOD', $subaction);
- //if (config('security','content-security-policy'))
- header('Content-Security-Policy: default-src \'none\'; script-src \'self\' \'unsafe-inline\'; object-src \'none\'; style-src \'self\' \'unsafe-inline\'; img-src \'self\'; media-src \'none\'; frame-src \'self\'; font-src \'none\'; connect-src \'self\'');
+ // Content-Security-Policy
+ //if (config('security','content-security-policy')) // config is not loaded yet.
+ $csp = array('default-src \'none\'',
+ 'script-src \'self\' \'unsafe-inline\'',
+ 'object-src \'none\'',
+ 'style-src \'self\' \'unsafe-inline\'',
+ 'img-src \'self\'',
+ 'media-src \'none\'',
+ 'frame-src \'self\'',
+ 'font-src \'none\'',
+ 'connect-src \'self\'');
+ header('Content-Security-Policy: '.implode(';',$csp));
 $data = $dispatcher->doAction();
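Review bot: The `$csp` array still carries `'unsafe-inline'` in both `script-src` and `style-src`, so the header sent here does not block injected inline script, which is the main XSS case a CSP is meant to contain; this is carried over from the old one-line header, but the array form is the natural place to record it, e.g. `// TODO: drop 'unsafe-inline' once inline scripts/styles are moved to files or given a nonce`. The list also has no `base-uri`, `form-action` or `frame-ancestors` entry, and those directives do not fall back to `default-src`, so they stay unrestricted; adding `'base-uri \'self\''`, `'form-action \'self\''` and `'frame-ancestors \'self\''` would close that, assuming the UI is not meant to be framed by or post forms to other origins. The enclosing method begins and ends outside the hunk, so whether the config can be loaded earlier to re-enable the commented-out `config()` switch cannot be judged from here.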