tyler.durden
/
icingaweb2
mirror of https://github.com/Icinga/icingaweb2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Csp: Include `script-src 'self'; 

fixes #5180
This commit is contained in:
Johannes Meyer 2024-02-02 14:06:39 +01:00
parent fa394c8895
commit 4c3139224e
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
library/Icinga/Util/Csp.php
View File

@ -51,7 +51,11 @@ class Csp
throw new RuntimeException('No nonce set for CSS');
}
$response->setHeader('Content-Security-Policy', "style-src 'self' 'nonce-$csp->styleNonce';", true);
$response->setHeader(
'Content-Security-Policy',
"script-src 'self'; style-src 'self' 'nonce-$csp->styleNonce';",
true
);
}
/**