Add CSP sandbox

Fixes https://github.com/PrivateBin/PrivateBin/issues/168

Also needed to run some Composer stuff, no idea why my diff was different.
rugk 2017-02-01 18:34:13 +01:00
parent 368aa2305b
commit e9b10f9e2d
No known key found for this signature in database
GPG key ID: 05D40A636AFAB34D
4 changed files with 12 additions and 2 deletions

@ -63,7 +63,8 @@ languageselection = false
; custom scripts from third-party domains to your templates, e.g. tracking
; scripts or run your site behind certain DDoS-protection services.
; Check the documentation at https://content-security-policy.com/
; cspheader = "default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:; referrer no-referrer;"
; Note: If you use a bootstrap theme, you can remove the allow-popups from the sandbox restrictions.
; cspheader = "default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:; referrer no-referrer; sandbox allow-same-origin allow-scripts allow-forms allow-popups"
; stay compatible with PrivateBin Alpha 0.19, less secure
; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
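Review bot: The note added above the new `cspheader` line says `allow-popups` can be removed with a bootstrap theme, but it does not say why the other themes need it or what the other three tokens are for, so an admin editing this value has nothing to go on. Suggest one short comment line per token. The token list also omits `allow-modals`, which means `alert()`, `confirm()` and `prompt()` are blocked under this policy; if any template relies on those dialogs, that should be checked before this becomes the documented default. Finally, `allow-same-origin` combined with `allow-scripts` gives back the two strongest sandbox restrictions, so the comment should state what the sandbox is still expected to block in this configuration.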