Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/nextcloud/news.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/controller/pagecontroller.php
diff options
context:
space:
mode:
Diffstat (limited to 'controller/pagecontroller.php')
-rw-r--r--controller/pagecontroller.php13
1 files changed, 7 insertions, 6 deletions
diff --git a/controller/pagecontroller.php b/controller/pagecontroller.php
index 3b3220598..5768549c6 100644
--- a/controller/pagecontroller.php
+++ b/controller/pagecontroller.php
@@ -72,12 +72,13 @@ class PageController extends Controller {
]);
$csp = new ContentSecurityPolicy();
- $csp->addAllowedImageDomain('*');
- $csp->addAllowedMediaDomain('*');
- $csp->addAllowedFrameDomain('https://youtube.com');
- $csp->addAllowedFrameDomain('https://www.youtube.com');
- $csp->addAllowedFrameDomain('https://player.vimeo.com');
- $csp->addAllowedFrameDomain('https://www.player.vimeo.com');
+ $csp->addAllowedImageDomain('*')
+ ->addAllowedMediaDomain('*')
+ ->addAllowedConnectDomain('*') // chrome breaks on audio elements
+ ->addAllowedFrameDomain('https://youtube.com')
+ ->addAllowedFrameDomain('https://www.youtube.com')
+ ->addAllowedFrameDomain('https://player.vimeo.com')
+ ->addAllowedFrameDomain('https://www.player.vimeo.com');
$response->setContentSecurityPolicy($csp);
return $response;
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-07 17:21:19 +0300