diff options
| author | El RIDO <[email protected]> | 2022-03-27 08:45:33 +0200 |
|---|---|---|
| committer | El RIDO <[email protected]> | 2022-03-27 08:45:33 +0200 |
| commit | 11b16fc6fd5eca59cabf49ae65fa0a122ed6e669 (patch) | |
| tree | 3ef27a86828cdd3443e01bb80850d77384ee3f72 | |
| parent | 2b509d0475227a718b447b43d968d0aba87cba34 (diff) | |
| download | privatebin-11b16fc6fd5eca59cabf49ae65fa0a122ed6e669.tar.gz privatebin-11b16fc6fd5eca59cabf49ae65fa0a122ed6e669.tar.bz2 privatebin-11b16fc6fd5eca59cabf49ae65fa0a122ed6e669.zip | |
removed directive needed for the PDF preview in FireFox < 78hardening
fixed in https://bugzilla.mozilla.org/show_bug.cgi?id=1582115 and
https://bugzilla.mozilla.org/show_bug.cgi?id=1638826 for FF 78
| -rw-r--r-- | cfg/conf.sample.php | 2 | ||||
| -rw-r--r-- | lib/Configuration.php | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/cfg/conf.sample.php b/cfg/conf.sample.php index 4d21dc3e..e4586854 100644 --- a/cfg/conf.sample.php +++ b/cfg/conf.sample.php @@ -87,7 +87,7 @@ languageselection = false ; async functions and display an error if not and for Chrome to enable ; webassembly support (used for zlib compression). You can remove it if Chrome ; doesn't need to be supported and old browsers don't need to be warned. -; cspheader = "default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval' resource:; style-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads" +; cspheader = "default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads" ; stay compatible with PrivateBin Alpha 0.19, less secure ; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of diff --git a/lib/Configuration.php b/lib/Configuration.php index eac6854f..de065219 100644 --- a/lib/Configuration.php +++ b/lib/Configuration.php @@ -54,7 +54,7 @@ class Configuration 'urlshortener' => '', 'qrcode' => true, 'icon' => 'identicon', - 'cspheader' => 'default-src \'none\'; base-uri \'self\'; form-action \'none\'; manifest-src \'self\'; connect-src * blob:; script-src \'self\' \'unsafe-eval\' resource:; style-src \'self\'; font-src \'self\'; frame-ancestors \'none\'; img-src \'self\' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads', + 'cspheader' => 'default-src \'none\'; base-uri \'self\'; form-action \'none\'; manifest-src \'self\'; connect-src * blob:; script-src \'self\' \'unsafe-eval\'; style-src \'self\'; font-src \'self\'; frame-ancestors \'none\'; img-src \'self\' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads', 'zerobincompatibility' => false, 'httpwarning' => true, 'compression' => 'zlib', |