lunax/snipe_it
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity Actions

Added https://gravatar address to CSP

Browse source
This commit is contained in:
snipe 2020-10-23 12:09:03 -07:00
parent d03d4deef9
commit 4ccba5337a
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/Http/Middleware/SecurityHeaders.php
View file

@ -106,7 +106,7 @@ class SecurityHeaders
$csp_policy[] = "connect-src 'self'"; $csp_policy[] = "connect-src 'self'";
$csp_policy[] = "object-src 'none'"; $csp_policy[] = "object-src 'none'";
$csp_policy[] = "font-src 'self' data:"; $csp_policy[] = "font-src 'self' data:";
$csp_policy[] = "img-src 'self' data: gravatar.com maps.google.com maps.gstatic.com *.googleapis.com"; $csp_policy[] = "img-src 'self' data: ".config('app.url')." https://secure.gravatar.com http://gravatar.com maps.google.com maps.gstatic.com *.googleapis.com";
$csp_policy = join(';', $csp_policy); $csp_policy = join(';', $csp_policy);
$response->headers->set('Content-Security-Policy', $csp_policy); $response->headers->set('Content-Security-Policy', $csp_policy);
} }