diff options
Diffstat (limited to 'lib/Controller/PageController.php')
-rw-r--r-- | lib/Controller/PageController.php | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/lib/Controller/PageController.php b/lib/Controller/PageController.php index 96b541de6..7cc11196c 100644 --- a/lib/Controller/PageController.php +++ b/lib/Controller/PageController.php @@ -262,6 +262,14 @@ class PageController extends Controller { $csp = new ContentSecurityPolicy(); $csp->addAllowedConnectDomain('*'); $csp->addAllowedMediaDomain('blob:'); + $csp->addAllowedWorkerSrcDomain('blob:'); + $csp->addAllowedWorkerSrcDomain("'self'"); + $csp->addAllowedChildSrcDomain('blob:'); + $csp->addAllowedChildSrcDomain("'self'"); + $csp->addAllowedScriptDomain('blob:'); + $csp->addAllowedScriptDomain("'self'"); + $csp->addAllowedConnectDomain('blob:'); + $csp->addAllowedConnectDomain("'self'"); $csp->addAllowedImageDomain('https://*.tile.openstreetmap.org'); $response->setContentSecurityPolicy($csp); return $response; @@ -315,6 +323,14 @@ class PageController extends Controller { $csp = new ContentSecurityPolicy(); $csp->addAllowedConnectDomain('*'); $csp->addAllowedMediaDomain('blob:'); + $csp->addAllowedWorkerSrcDomain('blob:'); + $csp->addAllowedWorkerSrcDomain("'self'"); + $csp->addAllowedChildSrcDomain('blob:'); + $csp->addAllowedChildSrcDomain("'self'"); + $csp->addAllowedScriptDomain('blob:'); + $csp->addAllowedScriptDomain("'self'"); + $csp->addAllowedConnectDomain('blob:'); + $csp->addAllowedConnectDomain("'self'"); $csp->addAllowedImageDomain('https://*.tile.openstreetmap.org'); $response->setContentSecurityPolicy($csp); return $response; |