Skip to content

Commit

Permalink
fix!(ContentSecurityPolicy): Make strict-dynamic enabled by default…
Browse files Browse the repository at this point in the history 
… on `script-src-elem`

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
  • Loading branch information
@susnux
susnux committed Nov 17, 2023
1 parent 9ea0159 commit b137a35
Show file tree
Hide file tree
Showing 2 changed files with 74 additions and 77 deletions.
2 changes: 1 addition & 1 deletion lib/public/AppFramework/Http/ContentSecurityPolicy.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ class ContentSecurityPolicy extends EmptyContentSecurityPolicy {
/** @var bool Whether strict-dynamic should be set */
protected $strictDynamicAllowed = false;
/** @var bool Whether strict-dynamic should be set for 'script-src-elem' */
protected $strictDynamicAllowedOnScripts = false;
protected $strictDynamicAllowedOnScripts = true;
/** @var array Domains from which scripts can get loaded */
protected $allowedScriptDomains = [
'\'self\'',
Expand Down
Loading

0 comments on commit b137a35

Please sign in to comment.