mirror/FreshRSS
0
0
Fork 0
mirror of https://github.com/FreshRSS/FreshRSS.git synced 2026-05-24 08:14:56 -04:00
Code Issues Packages Projects Releases Wiki Activity

CSP different policies per controller

Browse Source 
https://github.com/FreshRSS/FreshRSS/issues/1075
This commit is contained in:
Alexandre Alapetite
2016-02-21 21:25:23 +01:00
parent cb913a3a76
commit 38c2d671e3
2 changed files with 11 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
app/FreshRSS.php
View File

@@ -111,10 +111,16 @@ class FreshRSS extends Minz_FrontController {
}
public static function preLayout() {
if (Minz_Request::controllerName() === 'stats') {
header("Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'");
} else {
header("Content-Security-Policy: default-src 'self'; child-src *; img-src * data:; media-src *");
switch (Minz_Request::controllerName()) {
case 'index':
header("Content-Security-Policy: default-src 'self'; child-src *; img-src * data:; media-src *");
break;
case 'stats':
header("Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'");
break;
default:
header("Content-Security-Policy: default-src 'self'");
break;
}
}

1
app/install.php
View File

@@ -2,6 +2,7 @@
if (function_exists('opcache_reset')) {
opcache_reset();
}
header("Content-Security-Policy: default-src 'self'");
define('BCRYPT_COST', 9);