aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEl RIDO <[email protected]>2022-03-27 08:45:33 +0200
committerEl RIDO <[email protected]>2022-03-27 08:45:33 +0200
commit11b16fc6fd5eca59cabf49ae65fa0a122ed6e669 (patch)
tree3ef27a86828cdd3443e01bb80850d77384ee3f72
parent2b509d0475227a718b447b43d968d0aba87cba34 (diff)
downloadprivatebin-11b16fc6fd5eca59cabf49ae65fa0a122ed6e669.tar.gz
privatebin-11b16fc6fd5eca59cabf49ae65fa0a122ed6e669.tar.bz2
privatebin-11b16fc6fd5eca59cabf49ae65fa0a122ed6e669.zip
removed directive needed for the PDF preview in FireFox < 78hardening
fixed in https://bugzilla.mozilla.org/show_bug.cgi?id=1582115 and https://bugzilla.mozilla.org/show_bug.cgi?id=1638826 for FF 78
-rw-r--r--cfg/conf.sample.php2
-rw-r--r--lib/Configuration.php2
2 files changed, 2 insertions, 2 deletions
diff --git a/cfg/conf.sample.php b/cfg/conf.sample.php
index 4d21dc3e..e4586854 100644
--- a/cfg/conf.sample.php
+++ b/cfg/conf.sample.php
@@ -87,7 +87,7 @@ languageselection = false
; async functions and display an error if not and for Chrome to enable
; webassembly support (used for zlib compression). You can remove it if Chrome
; doesn't need to be supported and old browsers don't need to be warned.
-; cspheader = "default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval' resource:; style-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads"
+; cspheader = "default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads"
; stay compatible with PrivateBin Alpha 0.19, less secure
; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
diff --git a/lib/Configuration.php b/lib/Configuration.php
index eac6854f..de065219 100644
--- a/lib/Configuration.php
+++ b/lib/Configuration.php
@@ -54,7 +54,7 @@ class Configuration
'urlshortener' => '',
'qrcode' => true,
'icon' => 'identicon',
- 'cspheader' => 'default-src \'none\'; base-uri \'self\'; form-action \'none\'; manifest-src \'self\'; connect-src * blob:; script-src \'self\' \'unsafe-eval\' resource:; style-src \'self\'; font-src \'self\'; frame-ancestors \'none\'; img-src \'self\' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads',
+ 'cspheader' => 'default-src \'none\'; base-uri \'self\'; form-action \'none\'; manifest-src \'self\'; connect-src * blob:; script-src \'self\' \'unsafe-eval\'; style-src \'self\'; font-src \'self\'; frame-ancestors \'none\'; img-src \'self\' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads',
'zerobincompatibility' => false,
'httpwarning' => true,
'compression' => 'zlib',