[Phpmyadmin-git] [SCM] phpMyAdmin branch, master, updated. RELEASE_3_4_0BETA3-1804-g612598f
Piotr Przybylski
crackpl at users.sourceforge.net
Fri Mar 4 23:08:54 CET 2011
The branch, master has been updated
via 612598fe7fbc6c6cf6305a798e9b48b435ea7a91 (commit)
from 260cf97a06e2e2cb046093228d4267f8501823b7 (commit)
- Log -----------------------------------------------------------------
commit 612598fe7fbc6c6cf6305a798e9b48b435ea7a91
Author: Piotr Przybylski <piotrprz at gmail.com>
Date: Fri Mar 4 23:06:49 2011 +0100
Fix CSP header:
* add 'self' for img-src and script-src
* version.js access:
- remove protocol (shorter and useful mainly when HTTPS is required)
- remove path (invalid syntax, only hosts are allowed there)
-----------------------------------------------------------------------
Summary of changes:
libraries/header_http.inc.php | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/libraries/header_http.inc.php b/libraries/header_http.inc.php
index f7c27b2..9ad890d 100644
--- a/libraries/header_http.inc.php
+++ b/libraries/header_http.inc.php
@@ -22,7 +22,7 @@ $GLOBALS['now'] = gmdate('D, d M Y H:i:s') . ' GMT';
/* Prevent against ClickJacking by allowing frames only from same origin */
if (!$GLOBALS['cfg']['AllowThirdPartyFraming']) {
header('X-Frame-Options: SAMEORIGIN');
- header('X-Content-Security-Policy: allow \'self\'; options inline-script eval-script; frame-ancestors \'self\'; img-src data:; script-src http://www.phpmyadmin.net/home_page/version.js');
+ header('X-Content-Security-Policy: allow \'self\'; options inline-script eval-script; frame-ancestors \'self\'; img-src \'self\' data:; script-src \'self\' www.phpmyadmin.net');
}
header('Expires: ' . $GLOBALS['now']); // rfc2616 - Section 14.21
header('Last-Modified: ' . $GLOBALS['now']);
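Review bot: the whole X-Content-Security-Policy header is still emitted only inside the `if (!$GLOBALS['cfg']['AllowThirdPartyFraming'])` branch, so an installation that enables third-party framing loses the `img-src` and `script-src` restrictions together with `frame-ancestors`; consider sending the policy unconditionally and only dropping or relaxing the `frame-ancestors 'self'` directive when framing is allowed. Note also that `options inline-script eval-script` is kept, so the policy restricts where external scripts may be loaded from but does not block inline script or eval; that is worth stating in the commit message so nobody reads this as XSS protection.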
hooks/post-receive
--
phpMyAdmin