From 260cf97a06e2e2cb046093228d4267f8501823b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?= Date: Fri, 4 Mar 2011 15:19:01 +0100 Subject: [PATCH] Allow loading version information using javascript in CSP --- libraries/header_http.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libraries/header_http.inc.php b/libraries/header_http.inc.php index 1cf8b47e7..f7c27b23a 100644 --- a/libraries/header_http.inc.php +++ b/libraries/header_http.inc.php @@ -22,7 +22,7 @@ $GLOBALS['now'] = gmdate('D, d M Y H:i:s') . ' GMT'; /* Prevent against ClickJacking by allowing frames only from same origin */ if (!$GLOBALS['cfg']['AllowThirdPartyFraming']) { header('X-Frame-Options: SAMEORIGIN'); - header('X-Content-Security-Policy: allow \'self\'; options inline-script eval-script; frame-ancestors \'self\'; img-src data:'); + header('X-Content-Security-Policy: allow \'self\'; options inline-script eval-script; frame-ancestors \'self\'; img-src data:; script-src http://www.phpmyadmin.net/home_page/version.js'); } header('Expires: ' . $GLOBALS['now']); // rfc2616 - Section 14.21 header('Last-Modified: ' . $GLOBALS['now']);