tyler.durden
/
icingaweb2
mirror of https://github.com/Icinga/icingaweb2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add missing script-src policy (#5181) 

fixes #5180
This commit is contained in:
Johannes Meyer 2024-08-07 11:46:00 +02:00 committed by GitHub
parent fa394c8895 bb47844646
commit b268044efc
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
library/Icinga/Util/Csp.php
View File

@ -51,7 +51,11 @@ class Csp
throw new RuntimeException('No nonce set for CSS');
}
$response->setHeader('Content-Security-Policy', "style-src 'self' 'nonce-$csp->styleNonce';", true);
$response->setHeader(
'Content-Security-Policy',
"script-src 'self'; style-src 'self' 'nonce-$csp->styleNonce';",
true
);
}
/**

8
public/js/icinga/behavior/collapsible.js
View File

@ -424,7 +424,9 @@
if (this.isDetails(collapsible)) {
collapsible.open = false;
} else {
collapsible.style.cssText = 'display: block; height: ' + toHeight + 'px; padding-bottom: 0';
collapsible.style.display = 'block';
collapsible.style.height = toHeight + 'px';
collapsible.style.paddingBottom = '0px';
if ('hasExternalToggle' in collapsible.dataset) {
document.getElementById(collapsible.dataset.toggleElement).classList.add('collapsed');
@ -445,7 +447,9 @@
if (this.isDetails(collapsible)) {
collapsible.open = true;
} else {
collapsible.style.cssText = '';
collapsible.style.display = '';
collapsible.style.height = '';
collapsible.style.paddingBottom = '';
if ('hasExternalToggle' in collapsible.dataset) {
document.getElementById(collapsible.dataset.toggleElement).classList.remove('collapsed');