lib.dc.page.php

Timestamp:

06/30/19 16:10:13 (6 years ago)

Author:

franck <carnet.franck.paul@…>

Branch:

default

Message:

Remove unsafe-inline from CSP script-src directive (install/default/upgrade)

File:

inc/admin/lib.dc.page.php

r3946	r3998
110	110	$csp_prefix . "'self'" . $csp_suffix;
111	111	$csp['script-src'] = $core->blog->settings->system->csp_admin_script ?:
112		$csp_prefix . "'self' 'unsafe-~~inline' 'unsafe-~~eval'" . $csp_suffix;
	112	$csp_prefix . "'self' 'unsafe-eval'" . $csp_suffix;
113	113	$csp['style-src'] = $core->blog->settings->system->csp_admin_style ?:
114	114	$csp_prefix . "'self' 'unsafe-inline'" . $csp_suffix;

Note: See TracChangeset for help on using the changeset viewer.