mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-12-22 14:41:29 +01:00
do not add path of url to CSP
This commit is contained in:
parent
ca8742e10b
commit
7428e2d7cd
@ -86,6 +86,11 @@ class ContentSecurityPolicy
|
||||
{
|
||||
$attr = "'$attr'"; // automatic add quotes
|
||||
}
|
||||
// only add scheme and host, not path
|
||||
elseif ($source !== 'report-uri' && ($parsed=parse_url($attr)) && !empty($parsed['scheme']) && !empty($parsed['path']))
|
||||
{
|
||||
$attr = $parsed['scheme'].'://'.$parsed['host'].(!empty($parsed['port']) ? ':'.$parsed['port'] : '');
|
||||
}
|
||||
if (!in_array($attr, self::$sources[$source]))
|
||||
{
|
||||
self::$sources[$source][] = $attr;
|
||||
|
Loading…
Reference in New Issue
Block a user