diff options
author | Thomas Lehmann <t.lehmann@strato-rz.de> | 2022-01-24 15:30:31 +0100 |
---|---|---|
committer | Andras Timar <andras.timar@collabora.com> | 2022-01-25 22:06:24 +0100 |
commit | b2fec1114cf45b43cb61d6d7e1b8cc4fd64b5432 (patch) | |
tree | cad0fa07290630bcab079617a5e428dad062b38c | |
parent | Update UNO translations (diff) | |
download | online-b2fec1114cf45b43cb61d6d7e1b8cc4fd64b5432.tar.gz online-b2fec1114cf45b43cb61d6d7e1b8cc4fd64b5432.zip |
wsd: fix malformed img-src field
The generated field is
img-src 'self' data: https://www.collaboraoffice.com/https://*:* ...;
while a space was expected before the "https://*:*"
This was introduced with
7e94149ec476445a445ffcd0922d83b1c60c5c64
wsd: Only add one img-src rule to the CSP header
Signed-off-by: Thomas Lehmann <t.lehmann@strato-rz.de>
Change-Id: Ia900bb2508e7f04b111160001c6602e87eae2023
-rw-r--r-- | wsd/FileServer.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/wsd/FileServer.cpp b/wsd/FileServer.cpp index 0fb30990e9..c20e29d3ae 100644 --- a/wsd/FileServer.cpp +++ b/wsd/FileServer.cpp @@ -892,7 +892,7 @@ void FileServerRequestHandler::preprocessFile(const HTTPRequest& request, // X-Frame-Options supports only one ancestor, ignore that //(it's deprecated anyway and CSP works in all major browsers) // frame anchestors are also allowed for img-src in order to load the views avatars - cspOss << imgSrc << frameAncestors << "; " + cspOss << imgSrc << " " << frameAncestors << "; " << "frame-ancestors " << frameAncestors; std::string escapedFrameAncestors; Poco::URI::encode(frameAncestors, "'", escapedFrameAncestors); |