tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-04-08 17:15:08 +02:00
Code Issues Packages Projects Releases Wiki Activity

Csp: Include `script-src 'self';

Browse Source 
fixes #5180
This commit is contained in:
Johannes Meyer 2024-02-02 14:06:39 +01:00
parent fa394c8895
commit 4c3139224e
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
library/Icinga/Util/Csp.php
View File

@ -51,7 +51,11 @@ class Csp
throw new RuntimeException('No nonce set for CSS');
}
$response->setHeader('Content-Security-Policy', "style-src 'self' 'nonce-$csp->styleNonce';", true);
$response->setHeader(
'Content-Security-Policy',
"script-src 'self'; style-src 'self' 'nonce-$csp->styleNonce';",
true
);
}
/**