From 50bdd72578ca52a1d9a2c3f7387deedfb8faeb43 Mon Sep 17 00:00:00 2001
From: Florian Pritz <bluewind@xinu.at>
Date: Fri, 9 Mar 2012 14:47:46 +0100
Subject: CSP: allow object-src

Video files won't play without this.

Signed-off-by: Florian Pritz <bluewind@xinu.at>
---
 application/models/file_mod.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'application/models/file_mod.php')

diff --git a/application/models/file_mod.php b/application/models/file_mod.php
index 718ee21ec..7968324b4 100644
--- a/application/models/file_mod.php
+++ b/application/models/file_mod.php
@@ -263,7 +263,7 @@ class File_mod extends CI_Model {
 
 		if (!$can_highlight || $filesize_too_big || !$mode) {
 			foreach (array("X-WebKit-CSP", "X-Content-Security-Policy") as $header_name) {
-				header("$header_name: allow 'none'; img-src *; media-src *; font-src *; style-src *; script-src 'none'; object-src 'none'; frame-src 'none'; ");
+				header("$header_name: allow 'none'; img-src *; media-src *; font-src *; style-src *; script-src 'none'; object-src *; frame-src 'none'; ");
 			}
 			rangeDownload($file, $filedata["filename"], $type);
 			exit();
-- 
cgit v1.2.3-24-g4f1b