diff options
| author | sualko <klaus@jsxc.org> | 2019-08-21 13:05:05 +0300 |
|---|---|---|
| committer | sualko <klaus@jsxc.org> | 2019-08-21 13:05:05 +0300 |
| commit | b116702a95880f47a63c878281c0f7cc6a2e7aba (patch) | |
| tree | f4106b918ef0e3487f6b26e641911ef0ffd025c8 /appinfo | |
| parent | 90d4951e615bdfaec225e467cf6204cc94d22706 (diff) | |
fix: add unsafe-eval only in dev env
Diffstat (limited to 'appinfo')
| -rwxr-xr-x | appinfo/app.php | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/appinfo/app.php b/appinfo/app.php index 7f7789c..e5253d4 100755 --- a/appinfo/app.php +++ b/appinfo/app.php @@ -38,7 +38,12 @@ if(class_exists('\\OCP\\AppFramework\\Http\\EmptyContentSecurityPolicy')) { $policy->addAllowedStyleDomain('\'self\''); $policy->addAllowedStyleDomain('\'unsafe-inline\''); - $policy->addAllowedScriptDomain('\'self\' \'unsafe-eval\''); + $policy->addAllowedScriptDomain('\'self\''); + + if ($config->getSystemValue('jsxc.environment', 'production') === 'development') { + // required for source maps + $policy->addAllowedScriptDomain('\'unsafe-eval\''); + } $policy->addAllowedImageDomain('\'self\''); $policy->addAllowedImageDomain('data:'); |