[Phpmyadmin-devel] CSP and new version check
Michal Čihař
michal at cihar.com
Fri Mar 4 15:17:47 CET 2011
Hi
Dne Thu, 3 Mar 2011 12:44:59 +0100
Piotr Przybylski <piotr.prz at gmail.com> napsal(a):
> Version check fails with current trunk and browsers supporting Content
> Security Policy (eg. FF 4.0b12):
> "CSP: Directive "allow http://localhost" violated by
> http://www.phpmyadmin.net/home_page/version.js"
>
> We should specify script-src with 'self' and www.phpmyadmin.net as
> allowed script sources.
And we probably need img-src data as well in the policy for charts.
Looking into this and will commit fix soon.
--
Michal Čihař | http://cihar.com | http://blog.cihar.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.phpmyadmin.net/pipermail/developers/attachments/20110304/58cead00/attachment.sig>
More information about the Developers
mailing list