wsd: fix malformed img-src field

The generated field is img-src 'self' data: https://www.collaboraoffice.com/https://*:* ...; while a space was expected before the "https://*:*" This was introduced with 7e94149ec476445a445ffcd0922d83b1c60c5c64 wsd: Only add one img-src rule to the CSP header Signed-off-by: Thomas Lehmann <t.lehmann@strato-rz.de> Change-Id: Ia900bb2508e7f04b111160001c6602e87eae2023
author: Thomas Lehmann <t.lehmann@strato-rz.de> 2022-01-24 15:30:31 +0100
committer: Andras Timar <andras.timar@collabora.com> 2022-01-25 22:06:24 +0100
commit: b2fec1114cf45b43cb61d6d7e1b8cc4fd64b5432 (patch)
tree: cad0fa07290630bcab079617a5e428dad062b38c
parent: Update UNO translations (diff)
download: online-b2fec1114cf45b43cb61d6d7e1b8cc4fd64b5432.tar.gz
online-b2fec1114cf45b43cb61d6d7e1b8cc4fd64b5432.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/wsd/FileServer.cpp b/wsd/FileServer.cpp
index 0fb30990e9..c20e29d3ae 100644
--- a/wsd/FileServer.cpp
+++ b/wsd/FileServer.cpp
@@ -892,7 +892,7 @@ void FileServerRequestHandler::preprocessFile(const HTTPRequest& request,
         // X-Frame-Options supports only one ancestor, ignore that
         //(it's deprecated anyway and CSP works in all major browsers)
         // frame anchestors are also allowed for img-src in order to load the views avatars
-        cspOss << imgSrc << frameAncestors << "; "
+        cspOss << imgSrc << " " << frameAncestors << "; "
                 << "frame-ancestors " << frameAncestors;
         std::string escapedFrameAncestors;
         Poco::URI::encode(frameAncestors, "'", escapedFrameAncestors);
author	Thomas Lehmann <t.lehmann@strato-rz.de>	2022-01-24 15:30:31 +0100
committer	Andras Timar <andras.timar@collabora.com>	2022-01-25 22:06:24 +0100
commit	b2fec1114cf45b43cb61d6d7e1b8cc4fd64b5432 (patch)
tree	cad0fa07290630bcab079617a5e428dad062b38c
parent	Update UNO translations (diff)
download	online-b2fec1114cf45b43cb61d6d7e1b8cc4fd64b5432.tar.gz online-b2fec1114cf45b43cb61d6d7e1b8cc4fd64b5432.zip