Dotclear


Timestamp:
08/15/16 08:16:04 (9 years ago)
Author:
franck <carnet.franck.paul@…>
Branch:
2.10
Message:

Prevents CSP directive violation in media manager and post/page preview

File:
1 edited

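--- a/inc/admin/lib.dc.page.php
+++ b/inc/admin/lib.dc.page.php
@@ -110,4 +110,13 @@
                $csp['style-src'] = $core->blog->settings->system->csp_admin_style ? $core->blog->settings->system->csp_admin_style : "'self' 'unsafe-inline'";
                $csp['img-src'] = $core->blog->settings->system->csp_admin_img ? $core->blog->settings->system->csp_admin_img : "'self' data: media.dotaddict.org";
+
+               # Cope with blog post preview (via public URL in iframe)
+               if (!is_null($core->blog->host)) {
+                    $csp['default-src'] .= ' '.parse_url($core->blog->host,PHP_URL_HOST);
+               }
+               # Cope with media display in media manager (via public URL)
+               if (!is_null($core->media)) {
+                    $csp['img-src'] .= ' '.parse_url($core->media->root_url,PHP_URL_HOST);
+               }
 
                # --BEHAVIOR-- adminPageHTTPHeaderCSP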
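Review bot: Appending the blog host to `default-src` (new line 115) widens every fetch directive that falls back to it, not only framing, so the admin page would accept any resource type lacking its own directive from the public blog host. Since the comment says the goal is the iframe preview, a dedicated frame directive is the narrower change, e.g. `$csp['frame-src'] = $csp['default-src'].' '.$host;`. Which directives are already set explicitly above line 110 is not visible here, and older browsers may need `child-src` instead. Both additions (lines 115 and 119) also concatenate the result of `parse_url(..., PHP_URL_HOST)` unchecked: it returns null when the URL has no host part (for example a relative `root_url`) and it drops any port, so a blog on a non-default port would still be blocked. I would assign `$host = parse_url($core->blog->host, PHP_URL_HOST);` first and append only inside `if ($host) { ... }`, keeping the port when one is present. The enclosing function starts and ends outside the hunk.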