Merge pull request #1891 from HeySora/master

Automatically add favicon host to CSP if present
Maarten 2025-03-10 16:43:35 +01:00 committed by GitHub
commit a024d34f6d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -42,6 +42,12 @@ abstract class Api
$CSP->report = $oConfig->Get('security', 'csp_report', false);
$CSP->report_only = $oConfig->Get('debug', 'enable', false); // || SNAPPYMAIL_DEV
// Allow favicon host, if present
$parsedFaviconUrl = parse_url($oConfig->Get('webmail', 'favicon_url', ''));
if (is_array($parsedFaviconUrl) && array_key_exists('host', $parsedFaviconUrl)) {
$CSP->add('img-src', $parsedFaviconUrl['host']);
}
// Allow https: due to remote images in e-mails or use proxy
if (!$oConfig->Get('labs', 'use_local_proxy_for_external_images', '')) {
$CSP->add('img-src', 'https:');
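Review bot: The host taken from `favicon_url` reaches the policy at `$CSP->add('img-src', $parsedFaviconUrl['host'])` without any validation, and `parse_url()` is lenient about which characters it leaves in `host`. If `$CSP->add` does not filter its argument (its body is not visible here), a configured value containing a space or `;` would change the meaning of the emitted header, so a guard such as `filter_var($parsedFaviconUrl['host'], FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false` before the add is worth having. The port is dropped as well, and a host-only source matches only the scheme's default port, so a favicon served on a non-default port would still be blocked when the local image proxy is enabled; appending `':' . $parsedFaviconUrl['port']` when that key is set would cover it. The enclosing method starts and ends outside the hunk.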