smeserver/smeserver-roundcube
6
0
Fork 0
generated from smedev/Template-for-SMEServer-Core-Package
Code Issues Pull Requests Packages Projects Releases Wiki Activity

* Fri Jan 03 2025 Jean-Philippe Pialasse <jpp@koozali.org> 1.6-5.sme

Browse Source 
- set more relaxed CSP for roundcube [SME: 12861]
This commit is contained in:
Jean-Philippe Pialasse
2025-01-03 14:48:56 -05:00
parent 7f03032404
commit b6255d91c3
2 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/30RoundcubeWebmailAliases
View File

@@ -23,6 +23,12 @@
} else {
$OUT .= " Alias /$place $dirs{$place}\n";
}
$OUT .= " <Location '/$place'>\n";
# strict CSP not yet supported see https://github.com/roundcube/roundcubemail/issues/6202 and few others
$OUT .= " Header set Content-Security-Policy \"default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self'; frame-src 'self'; connect-src 'self'; frame-ancestors 'self'; base-uri 'self'; form-action 'self';\"\n";
$OUT .= " </Location>\n";
}
}