From b97dfc7d5e645a4993f6b29d41d87af946a55016 Mon Sep 17 00:00:00 2001
From: Florian Pritz
Date: Fri, 12 Jul 2013 22:03:20 +0200
Subject: Add standard name for CSP header

Signed-off-by: Florian Pritz
---
 application/controllers/file.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/application/controllers/file.php b/application/controllers/file.php
index b2ebac711..7984aa066 100644
--- a/application/controllers/file.php
+++ b/application/controllers/file.php
@@ -137,7 +137,7 @@ class File extends CI_Controller {
 if (!$can_highlight || $filesize_too_big || !$lexer) {
 // prevent javascript from being executed and forbid frames
 // this should allow us to serve user submitted HTML content without huge security risks
- foreach (array("X-WebKit-CSP", "X-Content-Security-Policy") as $header_name) {
+ foreach (array("X-WebKit-CSP", "X-Content-Security-Policy", "Content-Security-Policy") as $header_name) {
 header("$header_name: allow 'none'; img-src *; media-src *; font-src *; style-src * 'unsafe-inline'; script-src 'none'; object-src *; frame-src 'none'; ");
 }
 handle_etag($etag);
-- 
cgit v1.2.3-24-g4f1b
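Review bot: The policy string on the `header(...)` line still opens with `allow 'none'`, which is the directive name from the pre-standard Mozilla syntax; the standard `Content-Security-Policy` header added here uses `default-src`, so a parser that ignores unknown directives has no fallback for fetch types not listed explicitly (for example `connect-src`). `script-src 'none'` and `frame-src 'none'` are spelled out, so the two protections named in the comment should still apply, but the deny-by-default intent is lost for the new header. I would send `default-src 'none'; img-src *; …` under `Content-Security-Policy` (and probably `X-WebKit-CSP`) and keep `allow` only for `X-Content-Security-Policy`, assuming the legacy Firefox parser is the one that needs it. `object-src *` also lets user-submitted HTML load plugin content from any origin, which is worth tightening to `'none'` unless embedding is required. The enclosing `if` and method continue outside the hunk.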