extern/egroupware
1
0
Fork 1
mirror of https://github.com/EGroupware/egroupware.git synced 2024-10-05 01:32:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

do not add path of url to CSP

Browse Source
This commit is contained in:
Ralf Becker 2020-07-07 13:18:28 +02:00
parent ca8742e10b
commit 7428e2d7cd
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
api/src/Header/ContentSecurityPolicy.php
View File

@ -86,6 +86,11 @@ class ContentSecurityPolicy
{
$attr = "'$attr'"; // automatic add quotes
}
// only add scheme and host, not path
elseif ($source !== 'report-uri' && ($parsed=parse_url($attr)) && !empty($parsed['scheme']) && !empty($parsed['path']))
{
$attr = $parsed['scheme'].'://'.$parsed['host'].(!empty($parsed['port']) ? ':'.$parsed['port'] : '');
}
if (!in_array($attr, self::$sources[$source]))
{
self::$sources[$source][] = $attr;