You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@couchdb.apache.org by ro...@apache.org on 2014/09/06 17:16:53 UTC

couch commit: updated refs/heads/fix-csp to 6f626a2

Repository: couchdb-couch
Updated Branches:
  refs/heads/fix-csp [created] 6f626a27d


Fix default CSP setting for Ace Editor

Like @sebastianrothbucher noticed in apache/couchdb-fauxton#5
the Ace editor needs base64 image data as image source for their
icons


Project: http://git-wip-us.apache.org/repos/asf/couchdb-couch/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-couch/commit/6f626a27
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-couch/tree/6f626a27
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-couch/diff/6f626a27

Branch: refs/heads/fix-csp
Commit: 6f626a27d05c5944a5357535bb119e14f70e89ce
Parents: db58e79
Author: Robert Kowalski <ro...@kowalski.gd>
Authored: Tue Jul 22 19:22:02 2014 +0200
Committer: Robert Kowalski <ro...@kowalski.gd>
Committed: Sat Sep 6 17:04:29 2014 +0200

----------------------------------------------------------------------
 src/couch_httpd_misc_handlers.erl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb-couch/blob/6f626a27/src/couch_httpd_misc_handlers.erl
----------------------------------------------------------------------
diff --git a/src/couch_httpd_misc_handlers.erl b/src/couch_httpd_misc_handlers.erl
index 8101cdf..d13042e 100644
--- a/src/couch_httpd_misc_handlers.erl
+++ b/src/couch_httpd_misc_handlers.erl
@@ -81,7 +81,7 @@ handle_utils_dir_req(Req, _) ->
     send_method_not_allowed(Req, "GET,HEAD").
 
 maybe_add_csp_headers(Headers, "true") ->
-    DefaultValues = "default-src 'self'; img-src 'self'; font-src 'self'; "
+    DefaultValues = "default-src 'self'; img-src 'self' data:; font-src 'self'; "
                     "script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline';",
     Value = config:get("csp", "header_value", DefaultValues),
     [{"Content-Security-Policy", Value} | Headers];