Loosen the CSP a little for images.
This commit is contained in:
parent
a4b579d75d
commit
ae8485391b
|
@ -29,7 +29,7 @@ func renderTemplate(tmplName string, w http.ResponseWriter, r *http.Request, hea
|
|||
}
|
||||
// TODO: Expand this to non-HTTPS requests too
|
||||
if !header.LooseCSP && common.Site.EnableSsl {
|
||||
w.Header().Set("Content-Security-Policy", "default-src https: 'unsafe-eval'; style-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: 'unsafe-eval' 'unsafe-inline'; connect-src * 'unsafe-eval' 'unsafe-inline'; upgrade-insecure-requests")
|
||||
w.Header().Set("Content-Security-Policy", "default-src https: 'unsafe-eval'; style-src https: 'unsafe-eval' 'unsafe-inline'; img-src * 'unsafe-eval' 'unsafe-inline'; connect-src * 'unsafe-eval' 'unsafe-inline'; upgrade-insecure-requests")
|
||||
}
|
||||
if header.CurrentUser.IsAdmin {
|
||||
header.Elapsed1 = time.Since(header.StartedAt).String()
|
||||
|
|
Loading…
Reference in New Issue