Dotclear


Ignore:
Timestamp:
11/10/16 15:32:24 (9 years ago)
Author:
franck <carnet.franck.paul@…>
Branch:
default
Message:

Add blob: to CSP img-src default directive, closes #2218

File:
1 edited

Legend:

Unmodified
Added
Removed

  • inc/admin/lib.dc.page.php

    r3398 r3401  
    109109               $csp['script-src'] = $core->blog->settings->system->csp_admin_script ?: "'self' 'unsafe-inline' 'unsafe-eval'"; 
    110110               $csp['style-src'] = $core->blog->settings->system->csp_admin_style ?: "'self' 'unsafe-inline'"; 
    111                $csp['img-src'] = $core->blog->settings->system->csp_admin_img ?: "'self' data: media.dotaddict.org"; 
     111               $csp['img-src'] = $core->blog->settings->system->csp_admin_img ?: "'self' data: media.dotaddict.org blob:"; 
    112112 
    113113               # Cope with blog post preview (via public URL in iframe) 
Note: See TracChangeset for help on using the changeset viewer.

Sites map