
Add `data:` to CSP in `subscriptionController` (#8253)

Quick fix for https://github.com/FreshRSS/FreshRSS/issues/8250
Regression from https://github.com/FreshRSS/FreshRSS/pull/7646

It seems the CSP is too permissive on some pages though (`img-src *`), so that should be fixed later too
Inverle 4 bulan lalu
induk
melakukan
fbfc5eacad
1 mengubah file dengan 2 tambahan dan 2 penghapusan
  1. 2 2
      app/Controllers/subscriptionController.php

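--- a/app/Controllers/subscriptionController.php
+++ b/app/Controllers/subscriptionController.php
@@ -49,7 +49,7 @@ class FreshRSS_subscription_Controller extends FreshRSS_ActionController {
 		$this->_csp([
 			'default-src' => "'self'",
 			'frame-ancestors' => FreshRSS_Context::systemConf()->attributeString('csp.frame-ancestors') ?? "'none'",
-			'img-src' => "'self' blob:",
+			'img-src' => "'self' data: blob:",
 		]);
 
 		$this->view->onlyFeedsWithError = Minz_Request::paramBoolean('error');
@@ -119,7 +119,7 @@ class FreshRSS_subscription_Controller extends FreshRSS_ActionController {
 		$this->_csp([
 			'default-src' => "'self'",
 			'frame-ancestors' => FreshRSS_Context::systemConf()->attributeString('csp.frame-ancestors') ?? "'none'",
-			'img-src' => "'self' data: blob:",
+			'img-src' => "'self' data: blob:",
 		]);
 
 		if (Minz_Request::isPost()) {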
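Review bot: The same three-directive policy array is written out in full at both `_csp()` call sites (around new lines 49 and 119), so every policy change has to be made twice and the two copies can drift apart. Building the array in one private method on the controller and passing its result to `_csp()` from both actions would keep them in step. Neither site says why `data:` is allowed, so a later tightening pass could remove it and bring the regression back; a comment above the `img-src` entry such as `// data: is required for inline images on this page (see #8250); keep this an explicit source list, never *` would record the intent. Both enclosing methods start and end outside the hunks, so which element actually loads a `data:` image is not visible here and should be confirmed before wording the comment.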