diff options
author | Florian Pritz <bluewind@xinu.at> | 2012-04-12 19:49:05 +0200 |
---|---|---|
committer | Florian Pritz <bluewind@xinu.at> | 2012-04-12 19:49:05 +0200 |
commit | eb820e55b3e4a7af62038f8f236c37fb6e6c66d9 (patch) | |
tree | 8c3540a30b331d928b7c0b5eedbf4c142587d1aa | |
parent | ccaacf44d01471670fa8650a8498dcd49c29b358 (diff) |
CSP: add unsafe-inline to style-src
chromium rejects inline css with this.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
-rw-r--r-- | application/models/file_mod.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/application/models/file_mod.php b/application/models/file_mod.php index ffd031ace..48248fe7d 100644 --- a/application/models/file_mod.php +++ b/application/models/file_mod.php @@ -254,7 +254,7 @@ class File_mod extends CI_Model { if (!$can_highlight || $filesize_too_big || !$mode) { foreach (array("X-WebKit-CSP", "X-Content-Security-Policy") as $header_name) { - header("$header_name: allow 'none'; img-src *; media-src *; font-src *; style-src *; script-src 'none'; object-src *; frame-src 'none'; "); + header("$header_name: allow 'none'; img-src *; media-src *; font-src *; style-src * 'unsafe-inline'; script-src 'none'; object-src *; frame-src 'none'; "); } rangeDownload($file, $filedata["filename"], $type); exit(); |