Commit 7506d45f authored by ale's avatar ale

Support report-to and report-uri in the CSP plugin

parent 25cf829b
Pipeline #9276 passed with stages
in 3 minutes and 16 seconds
......@@ -30,6 +30,14 @@ class csp extends rcube_plugin {
"script-src 'self' {$proto}://{$host}{$path} 'unsafe-inline' 'unsafe-eval' {$src_sso}; " .
"style-src 'self' 'unsafe-inline' {$src_sso}; " .
"object-src 'none'");
$report_uri = $rcmail->config->get('csp_report_uri', '');
if($report_uri != '') {
$csp_header .= '; report-uri ' . $report_uri;
}
$report_to = $rcmail->config->get('csp_report_to', '');
if($report_to != '') {
$csp_header .= '; report-to ' . $report_to;
}
header("Content-Security-Policy: {$csp_header}");
return $content;
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment