[Phpmyadmin-devel] CSP and new version check

Michal Čihař michal at cihar.com
Fri Mar 4 15:17:47 CET 2011


Dne Thu, 3 Mar 2011 12:44:59 +0100
Piotr Przybylski <piotr.prz at gmail.com> napsal(a):

> Version check fails with current trunk and browsers supporting Content
> Security Policy (eg. FF 4.0b12):
> "CSP: Directive "allow http://localhost" violated by
> http://www.phpmyadmin.net/home_page/version.js"
> We should specify script-src with 'self' and www.phpmyadmin.net as
> allowed script sources.

And we probably need img-src data as well in the policy for charts.

Looking into this and will commit fix soon.

	Michal Čihař | http://cihar.com | http://blog.cihar.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.phpmyadmin.net/pipermail/developers/attachments/20110304/58cead00/attachment.sig>

More information about the Developers mailing list