authorFlorian Pritz <bluewind@xinu.at>2013-07-12 22:03:20 +0200
committerFlorian Pritz <bluewind@xinu.at>2013-07-12 22:03:20 +0200
commitb97dfc7d5e645a4993f6b29d41d87af946a55016 (patch)
tree25a74e5cb031e63dfd8d2225fba98947845ac0be /application/controllers/file.php
parentf06e4473b35eef5d7d0314f6c9493ebcf9f9fe6d (diff)
Add standard name for CSP header
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Diffstat (limited to 'application/controllers/file.php')
-rw-r--r--application/controllers/file.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/application/controllers/file.php b/application/controllers/file.php
index b2ebac711..7984aa066 100644
--- a/application/controllers/file.php
+++ b/application/controllers/file.php
@@ -137,7 +137,7 @@ class File extends CI_Controller {
if (!$can_highlight || $filesize_too_big || !$lexer) {
// prevent javascript from being executed and forbid frames
// this should allow us to serve user submitted HTML content without huge security risks
- foreach (array("X-WebKit-CSP", "X-Content-Security-Policy") as $header_name) {
+ foreach (array("X-WebKit-CSP", "X-Content-Security-Policy", "Content-Security-Policy") as $header_name) {
header("$header_name: allow 'none'; img-src *; media-src *; font-src *; style-src * 'unsafe-inline'; script-src 'none'; object-src *; frame-src 'none'; ");
}
handle_etag($etag);
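Review bot: The policy string sent by the `header()` call inside the loop still opens with `allow 'none'`, which is the directive from the early `X-Content-Security-Policy` draft; under the standard `Content-Security-Policy` name added here the equivalent is `default-src`, and browsers are expected to ignore directives they do not recognise, so the standard header ends up with no default fallback. The explicit `script-src 'none'` and `frame-src 'none'` still apply, but any fetch type not listed in the string is left unrestricted. Consider choosing the directive per header name, e.g. `$default = ($header_name === "Content-Security-Policy") ? "default-src" : "allow";` and starting the value with `$default 'none';`. Separately, `object-src *` lets user-submitted HTML load plugin content from any origin, which sits oddly with the comment's goal of preventing script execution; `object-src 'none'` would be the tighter choice if nothing depends on it. The enclosing method begins and ends outside this hunk, so whether other headers are set nearby cannot be seen from here.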