[Phpmyadmin-git] [SCM] phpMyAdmin branch, master, updated. RELEASE_3_4_0BETA3-1803-g260cf97

Michal Čihař nijel at users.sourceforge.net
Fri Mar 4 15:19:38 CET 2011


The branch, master has been updated
       via  260cf97a06e2e2cb046093228d4267f8501823b7 (commit)
       via  29afe63e29d2af2e77744eec12110023efe5db9f (commit)
      from  31c76833626b90a28e33fda7f042a67417bc2851 (commit)


- Log -----------------------------------------------------------------
commit 260cf97a06e2e2cb046093228d4267f8501823b7
Author: Michal Čihař <mcihar at novell.com>
Date:   Fri Mar 4 15:19:01 2011 +0100

    Allow loading version information using javascript in CSP

commit 29afe63e29d2af2e77744eec12110023efe5db9f
Author: Michal Čihař <mcihar at novell.com>
Date:   Fri Mar 4 15:17:32 2011 +0100

    Allow data: for <img> in CSP

-----------------------------------------------------------------------

Summary of changes:
 libraries/header_http.inc.php |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/libraries/header_http.inc.php b/libraries/header_http.inc.php
index 6086f38..f7c27b2 100644
--- a/libraries/header_http.inc.php
+++ b/libraries/header_http.inc.php
@@ -22,7 +22,7 @@ $GLOBALS['now'] = gmdate('D, d M Y H:i:s') . ' GMT';
 /* Prevent against ClickJacking by allowing frames only from same origin */
 if (!$GLOBALS['cfg']['AllowThirdPartyFraming']) {
     header('X-Frame-Options: SAMEORIGIN');
-    header('X-Content-Security-Policy: allow \'self\'; options inline-script eval-script; frame-ancestors \'self\'');
+    header('X-Content-Security-Policy: allow \'self\'; options inline-script eval-script; frame-ancestors \'self\'; img-src data:; script-src http://www.phpmyadmin.net/home_page/version.js');
 }
 header('Expires: ' . $GLOBALS['now']); // rfc2616 - Section 14.21
 header('Last-Modified: ' . $GLOBALS['now']);
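
Review bot: on the added `X-Content-Security-Policy` line, `img-src data:` and `script-src http://www.phpmyadmin.net/home_page/version.js` each list a single source without `'self'`. A specific directive replaces the `allow 'self'` default rather than extending it, so a browser enforcing this header would block same-origin images and same-origin script files. Suggest `img-src 'self' data:; script-src 'self' http://www.phpmyadmin.net/home_page/version.js`. The version script is also allowed over plain `http:`, so it is fetched without transport integrity and becomes mixed content when phpMyAdmin is served over HTTPS; a comment above the line should record that trade-off. Separately, the header is only sent inside the `!$GLOBALS['cfg']['AllowThirdPartyFraming']` branch, so installs that allow third-party framing receive no CSP at all; if that is intended, the existing ClickJacking comment should say so.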


hooks/post-receive
-- 
phpMyAdmin



