beenull/adminerevo
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

CSP: Allow any CSS

Browse source
This commit is contained in:
Jakub Vrana 2018-01-22 12:22:25 +01:00
parent 9a4cd8936d
commit 48ed20323f
2 changed files with 1 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
adminer/include/design.inc.php
View file

@ -110,7 +110,6 @@ function csp() {
return array(
array(
"script-src" => "'self' 'unsafe-inline' 'nonce-" . get_nonce() . "' 'strict-dynamic'", // 'self' is a fallback for browsers not supporting 'strict-dynamic', 'unsafe-inline' is a fallback for browsers not supporting 'nonce-'
"style-src" => "'self' 'unsafe-inline'",
"connect-src" => "'self'",
"frame-src" => "https://www.adminer.org",
"object-src" => "'none'",

2
changes.txt
View file

@ -1,6 +1,6 @@
Adminer 4.4.1-dev:
Adminer: Fix Search data in tables (regression from 4.4.0)
CSP: Allow any images, media and fonts, disallow base-uri
CSP: Allow any styles, images, media and fonts, disallow base-uri
SQLite: Enable foreign key checks
PostgreSQL: Respect NULL default value
Elasticsearch: Insert, update, delete