Merge pull request #402 from git-marijus/dev
another try on #385 - replace sabres restrictive CSP with what we do in boot.php
This commit is contained in:
		| @@ -100,9 +100,12 @@ class Cloud extends \Zotlabs\Web\Controller { | |||||||
| 	//	require_once('\Zotlabs\Storage/QuotaPlugin.php'); | 	//	require_once('\Zotlabs\Storage/QuotaPlugin.php'); | ||||||
| 	//	$server->addPlugin(new \Zotlabs\Storage\\QuotaPlugin($auth)); | 	//	$server->addPlugin(new \Zotlabs\Storage\\QuotaPlugin($auth)); | ||||||
| 	 | 	 | ||||||
|  | 		ob_start(); | ||||||
| 		// All we need to do now, is to fire up the server | 		// All we need to do now, is to fire up the server | ||||||
| 		$server->exec(); | 		$server->exec(); | ||||||
|  |  | ||||||
|  | 		ob_end_flush(); | ||||||
|  |  | ||||||
| 		killme(); | 		killme(); | ||||||
| 	} | 	} | ||||||
| 	 | 	 | ||||||
|   | |||||||
| @@ -256,6 +256,7 @@ class Browser extends DAV\Browser\Plugin { | |||||||
| 				$func($a); | 				$func($a); | ||||||
| 			} | 			} | ||||||
| 		} | 		} | ||||||
|  | 		$this->server->httpResponse->setHeader('Content-Security-Policy', "script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"); | ||||||
| 		construct_page($a); | 		construct_page($a); | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user