Enable inline script on View Issue for Dropzone

This is a temporary fix until #21651 is fixed. Fixes #21650
mantisbt · Aug 27, 2016 · 7530384 · 7530384
1 parent 043ed4f
commit 7530384
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/core/http_api.php b/core/http_api.php
@@ -231,6 +231,12 @@ function http_security_headers() {
 			http_csp_add( 'script-src', 'maxcdn.bootstrapcdn.com' );
 		}
 
+		# Relaxing policy for view issue page to allow inline scripts.
+		# Should be removed once #21651 is fixed.
+		if( 'view.php' == basename( $_SERVER['SCRIPT_NAME'] ) ) {
+			http_csp_add( 'script-src', "'unsafe-inline'" );
+		}
+
 		http_csp_emit_header();
 
 		if( http_is_protocol_https() ) {