Permalink
Browse files

Add CSPAllow to script-src as well

Signed-off-by: Michal Čihař <michal@cihar.com>
  • Loading branch information...
1 parent 9a1099e commit e82c1b2e093bebe2dbc2c7b2f43bf5e7d16f208f @nijel nijel committed Apr 12, 2014
Showing with 1 addition and 0 deletions.
  1. +1 −0 libraries/Header.class.php
@@ -476,6 +476,7 @@ public function sendHttpHeaders()
. $GLOBALS['cfg']['CSPAllow'] . ';'
. "script-src 'self' 'unsafe-inline' 'unsafe-eval' "
. ($use_captcha ? 'https://www.google.com ' : ' ')
+ . $GLOBALS['cfg']['CSPAllow'] . ';'
. ";"
. "style-src 'self' 'unsafe-inline' "
. ($use_captcha ? 'https://www.google.com ' : ' ')

0 comments on commit e82c1b2

Please sign in to comment.