CSP: Allow any images, media and fonts, disallow base-uri
parent
2dcad1f284
commit
329b7de9cc
|
@ -109,12 +109,12 @@ function page_headers() {
|
||||||
function csp() {
|
function csp() {
|
||||||
return array(
|
return array(
|
||||||
array(
|
array(
|
||||||
"default-src" => "'none'",
|
|
||||||
"script-src" => "'self' 'unsafe-inline' 'nonce-" . get_nonce() . "' 'strict-dynamic'", // 'self' is a fallback for browsers not supporting 'strict-dynamic', 'unsafe-inline' is a fallback for browsers not supporting 'nonce-'
|
"script-src" => "'self' 'unsafe-inline' 'nonce-" . get_nonce() . "' 'strict-dynamic'", // 'self' is a fallback for browsers not supporting 'strict-dynamic', 'unsafe-inline' is a fallback for browsers not supporting 'nonce-'
|
||||||
"style-src" => "'self' 'unsafe-inline'",
|
"style-src" => "'self' 'unsafe-inline'",
|
||||||
"connect-src" => "'self'",
|
"connect-src" => "'self'",
|
||||||
"img-src" => "'self' data:",
|
|
||||||
"frame-src" => "https://www.adminer.org",
|
"frame-src" => "https://www.adminer.org",
|
||||||
|
"object-src" => "'none'",
|
||||||
|
"base-uri" => "'none'",
|
||||||
"form-action" => "'self'",
|
"form-action" => "'self'",
|
||||||
),
|
),
|
||||||
);
|
);
|
||||||
|
|
|
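Review bot: Removing `"default-src" => "'none'"` from the array in csp() loosens more than the images, media and fonts named in the commit title, because every fetch directive not listed here (for example `manifest-src`, or any directive browsers add later) loses its fallback and becomes unrestricted. To hold the policy to the stated intent, keep the `default-src` line and open only the three types explicitly: `"img-src" => "* data:",`, `"media-src" => "*",`, `"font-src" => "*",`. The new `object-src` and `base-uri` entries can stay as they are; `base-uri` has no `default-src` fallback, so it needs its own line either way. A short comment on the array saying which directives are deliberately left open would help the next reader. The closing brace of csp() lies outside this hunk.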
@ -1,5 +1,6 @@
|
||||||
Adminer 4.4.1-dev:
|
Adminer 4.4.1-dev:
|
||||||
Adminer: Fix Search data in tables (regression from 4.4.0)
|
Adminer: Fix Search data in tables (regression from 4.4.0)
|
||||||
|
CSP: Allow any images, media and fonts, disallow base-uri
|
||||||
|
|
||||||
Adminer 4.4.0 (released 2018-01-17):
|
Adminer 4.4.0 (released 2018-01-17):
|
||||||
Add Content Security Policy
|
Add Content Security Policy
|
||||||
|
|