genuineparts/alltube
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

updates

Browse source
This commit is contained in:
genuineparts 2025-05-01 13:04:14 +02:00
parent 912aa99054
commit 22437918d9
4 changed files with 44 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

6
classes/Middleware/CspMiddleware.php
View file

@ -45,13 +45,13 @@ class CspMiddleware
->addDirective('base-uri', [])
->addDirective('frame-ancestors', [])
->addSource('form-action', '*')
->addSource('img-src', '*');
->addSource('img-src', '*')
->addSource('img-src', 'data:');
if ($this->config->debug) {
// So maximebf/debugbar, symfony/debug and symfony/error-handler can work.
$csp->setDirective('script-src', ['self' => true, 'unsafe-inline' => true])
->setDirective('style-src', ['self' => true, 'unsafe-inline' => true])
->addSource('img-src', 'data:');
->setDirective('style-src', ['self' => true, 'unsafe-inline' => true]);
}
return $csp->injectCSPHeader($response);