averello/nextcloud-server-mirror
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-02-27 18:37:17 +01:00
Code Issues Packages Projects Releases Wiki Activity

Disallow inline JS

Browse Source
This commit is contained in:
Lukas Reschke
2013-01-20 23:30:16 +01:00
parent 967b7947a1
commit af8c193605
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
lib/template.php
View File

@@ -190,6 +190,7 @@ class OC_Template{
header('X-XSS-Protection: 1; mode=block'); // Enforce browser based XSS filters
header('X-Content-Type-Options: nosniff'); // Disable sniffing the content type for IE
header('Content-Security-Policy: default-src \'self\'; script-src \'self\' \'unsafe-inline\'; style-src \'self\' \'unsafe-inline\''); // Disallow external ressources + eval()
header('X-WebKit-CSP: default-src \'self\'; style-src \'self\' \'unsafe-inline\'');
$this->findTemplate($name);
}