Dotclear

Changeset 3509:652d583aa806 for inc


Ignore:
Timestamp:
01/08/17 11:16:52 (9 years ago)
Author:
franck <carnet.franck.paul@…>
Branch:
default
Message:

Add current blog domain for script and style CSP directives (useful for iframe editing via editor)

File:
1 edited

Legend:

Unmodified
Added
Removed

  • inc/admin/lib.dc.page.php

    r3499 r3509  
    124124               if (!is_null($core->blog->host)) { 
    125125                    $csp['default-src'] .= ' '.parse_url($core->blog->host,PHP_URL_HOST); 
     126                    $csp['script-src'] .= ' '.parse_url($core->blog->host,PHP_URL_HOST); 
     127                    $csp['style-src'] .= ' '.parse_url($core->blog->host,PHP_URL_HOST); 
    126128               } 
    127129               # Cope with media display in media manager (via public URL) 
Note: See TracChangeset for help on using the changeset viewer.

Sites map