From 48ed20323f5fdd96e51cd8e96b51b525c407b100 Mon Sep 17 00:00:00 2001 From: Jakub Vrana Date: Mon, 22 Jan 2018 12:22:25 +0100 Subject: [PATCH] CSP: Allow any CSS --- adminer/include/design.inc.php | 1 - changes.txt | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/adminer/include/design.inc.php b/adminer/include/design.inc.php index 87a8914d..102b898d 100644 --- a/adminer/include/design.inc.php +++ b/adminer/include/design.inc.php @@ -110,7 +110,6 @@ function csp() { return array( array( "script-src" => "'self' 'unsafe-inline' 'nonce-" . get_nonce() . "' 'strict-dynamic'", // 'self' is a fallback for browsers not supporting 'strict-dynamic', 'unsafe-inline' is a fallback for browsers not supporting 'nonce-' - "style-src" => "'self' 'unsafe-inline'", "connect-src" => "'self'", "frame-src" => "https://www.adminer.org", "object-src" => "'none'", diff --git a/changes.txt b/changes.txt index e4765b26..391a17e4 100644 --- a/changes.txt +++ b/changes.txt @@ -1,6 +1,6 @@ Adminer 4.4.1-dev: Adminer: Fix Search data in tables (regression from 4.4.0) -CSP: Allow any images, media and fonts, disallow base-uri +CSP: Allow any styles, images, media and fonts, disallow base-uri SQLite: Enable foreign key checks PostgreSQL: Respect NULL default value Elasticsearch: Insert, update, delete