mirror/FreshRSS
0
0
Fork 0
mirror of https://github.com/FreshRSS/FreshRSS.git synced 2026-05-19 22:04:50 -04:00
Code Issues Packages Projects Releases Wiki Activity

Add data: to CSP in subscriptionController (#8253)

Browse Source 
Quick fix for https://github.com/FreshRSS/FreshRSS/issues/8250
Regression from https://github.com/FreshRSS/FreshRSS/pull/7646

It seems the CSP is too permissive on some pages though (`img-src *`), so should fix that too later
This commit is contained in:
Inverle
2025-11-26 10:06:44 +01:00
committed by GitHub
parent 1a3565f26c
commit fbfc5eacad
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/Controllers/subscriptionController.php
View File

@@ -49,7 +49,7 @@ class FreshRSS_subscription_Controller extends FreshRSS_ActionController {
$this->_csp([
'default-src' => "'self'",
'frame-ancestors' => FreshRSS_Context::systemConf()->attributeString('csp.frame-ancestors') ?? "'none'",
'img-src' => "'self' blob:",
'img-src' => "'self' data: blob:",
]);
$this->view->onlyFeedsWithError = Minz_Request::paramBoolean('error');
@@ -119,7 +119,7 @@ class FreshRSS_subscription_Controller extends FreshRSS_ActionController {
$this->_csp([
'default-src' => "'self'",
'frame-ancestors' => FreshRSS_Context::systemConf()->attributeString('csp.frame-ancestors') ?? "'none'",
'img-src' => "'self' blob:",
'img-src' => "'self' data: blob:",
]);
if (Minz_Request::isPost()) {