Changeset 3291:34af0b763d82 for admin

Timestamp:

07/24/16 14:30:20 (9 years ago)

Author:

franck <carnet.franck.paul@…>

Branch:

default

Message:

Put CSP activation and directives in settings, thanks Gvx for report.

File:

admin/install/index.php

-                      r3159
+                      r3291
           $blog_settings->system->put('store_plugin_url','http://update.dotaddict.org/dc2/plugins.xml','string','Plugins XML feed location',true,true);
           $blog_settings->system->put('store_theme_url','http://update.dotaddict.org/dc2/themes.xml','string','Themes XML feed location',true,true);
+          # CSP directive (admin part)
+          $blog_settings->system->put('csp_admin_on',true,'boolean','Send CSP header (admin)',true,true);
+          $blog_settings->system->put('csp_admin_default',"\'self\'",'string','CSP default-src directive',true,true);
+          $blog_settings->system->put('csp_admin_script',"\'self\' \'unsafe-inline\' \'unsafe-eval\'",'string','CSP script-src directive',true,true);
+          $blog_settings->system->put('csp_admin_style',"\'self\' \'unsafe-inline\'",'string','CSP style-src directive',true,true);
+          $blog_settings->system->put('csp_admin_img',"\'self\' data: media.dotaddict.org",'string','CSP img-src directive',true,true);
           # Add Dotclear version

Note: See TracChangeset for help on using the changeset viewer.