diff options
| -rw-r--r-- | application/controllers/file.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/application/controllers/file.php b/application/controllers/file.php index b2ebac711..7984aa066 100644 --- a/application/controllers/file.php +++ b/application/controllers/file.php @@ -137,7 +137,7 @@ class File extends CI_Controller { if (!$can_highlight || $filesize_too_big || !$lexer) { // prevent javascript from being executed and forbid frames // this should allow us to serve user submitted HTML content without huge security risks - foreach (array("X-WebKit-CSP", "X-Content-Security-Policy") as $header_name) { + foreach (array("X-WebKit-CSP", "X-Content-Security-Policy", "Content-Security-Policy") as $header_name) { header("$header_name: allow 'none'; img-src *; media-src *; font-src *; style-src * 'unsafe-inline'; script-src 'none'; object-src *; frame-src 'none'; "); } handle_etag($etag); |