From 6867b0c841a39be989ece2ba7d15c8ba5e1606df Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 23 Feb 2023 09:47:49 -0500 Subject: [PATCH] Correct the syntax of the CSP --- web/includes/functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/includes/functions.php b/web/includes/functions.php index 767d6d038..ee4f66f6e 100644 --- a/web/includes/functions.php +++ b/web/includes/functions.php @@ -46,7 +46,7 @@ function CSPHeaders($view, $nonce) { // fall through default: // Enforce script-src on pages where inline scripts and event handlers have been fixed. - header("Content-Security-Policy: script-src 'self' object-src 'self' 'nonce-$nonce' $additionalScriptSrc". + header("Content-Security-Policy: object-src 'self'; script-src 'self' 'nonce-$nonce' $additionalScriptSrc". (ZM_CSP_REPORT_URI ? '; report-uri '.ZM_CSP_REPORT_URI : '' ) ); break;