Correct the syntax of the CSP

ZoneMinder · Feb 23, 2023 · 57bf25d · 57bf25d
1 parent aeb8292
commit 57bf25d
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/web/includes/functions.php b/web/includes/functions.php
@@ -55,7 +55,7 @@ function CSPHeaders($view, $nonce) {
       // fall through
     default:
       // Enforce script-src on pages where inline scripts and event handlers have been fixed.
-      header("Content-Security-Policy: script-src 'self' object-src 'self' 'nonce-$nonce' $additionalScriptSrc".
+      header("Content-Security-Policy: object-src 'self'; script-src 'self' 'nonce-$nonce' $additionalScriptSrc".
         (ZM_CSP_REPORT_URI ? '; report-uri '.ZM_CSP_REPORT_URI : '' )
       );
       break;