Dotclear

Changeset 3988:798dd7e86493


Timestamp:
06/28/19 13:00:12 (6 years ago)
Author:
franck <carnet.franck.paul@…>
Branch:
default
Message:

Set specific CSP for CKEditor 4.x

Location:
plugins/dcCKEditor
Files:
2 edited

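--- a/plugins/dcCKEditor/_admin.php
+++ b/plugins/dcCKEditor/_admin.php
@@ -30,3 +30,5 @@
 
     $core->addBehavior('adminMediaURL', ['dcCKEditorBehaviors', 'adminMediaURL']);
+
+    $core->addBehavior('adminPageHTTPHeaderCSP', ['dcCKEditorBehaviors', 'adminPageHTTPHeaderCSP']);
 }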
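--- a/plugins/dcCKEditor/inc/dc.ckeditor.behaviors.php
+++ b/plugins/dcCKEditor/inc/dc.ckeditor.behaviors.php
@@ -93,3 +93,11 @@
         return self::$tagsContext;
     }
+
+    public static function adminPageHTTPHeaderCSP($csp)
+    {
+        return;
+        // add 'unsafe-inline' for CSS, add 'unsafe-eval' for scripts as far as CKEditor 4.x is used
+        $csp['style-src'] .= " 'unsafe-inline'";
+        $csp['script-src'] .= " 'unsafe-inline' 'unsafe-eval'";
+    }
 }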
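Review bot: The `return;` on the first line of `adminPageHTTPHeaderCSP()` makes the two `$csp[...] .=` lines unreachable, so as committed the hook changes nothing and the policy is not relaxed for CKEditor despite the commit message. If the early return is deliberate, say so in a comment such as `// disabled for now: relaxing script-src still needs review`; if it is a leftover, remove it. Once those lines run, `'unsafe-inline'` and `'unsafe-eval'` in `script-src` give up most of the XSS protection the policy provides, and the registration in `_admin.php` appears to apply to every admin page that fires this behavior, so the relaxation would be better limited to pages that actually load the editor. The appends also assume that `$csp` is shared with the caller (an array-access object or a reference) and that both keys already exist; neither is visible in this hunk.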