Resolve unknown CSP directive 'strict-dynamic' in Safari 13.1.2

the-djmaze 2023-01-17 15:49:35 +01:00
parent b2ca7f50ad
commit dcd1d1cbd4


@ -10,9 +10,11 @@ class CSP
public
$base = ["'self'"],
$default = ["'self'"],
// Knockout.js requires unsafe-inline?
// Knockout.js requires eval() for observable binding purposes
$script = ["'strict-dynamic'", "'unsafe-eval'"],
// Safari < 15.4 does not support strict-dynamic
// $script = ["'strict-dynamic'", "'unsafe-eval'"],
$script = ["'self'", "'unsafe-eval'"],
// Knockout.js requires unsafe-inline?
// $script = ["'self'", "'unsafe-inline'", "'unsafe-eval'"],
$img = ["'self'", 'data:'],
$style = ["'self'", "'unsafe-inline'"],
@ -28,7 +30,7 @@ class CSP
foreach (\explode(';', $default) as $directive) {
$values = \explode(' ', $directive);
$name = \preg_replace('/-.+/', '', \trim(\array_shift($values)));
$this->$name = $values;
$this->$name = \array_unique(\array_merge($this->$name, $values));
}
}
}
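Review bot: In the second hunk, `$this->$name = \array_unique(\array_merge($this->$name, $values));` makes the parsed policy purely additive, so a supplied directive can no longer tighten a default. For example, `script-src 'none'` would end up alongside `'self'` and `'unsafe-eval'`, and browsers ignore `'none'` when other sources are present. `$name` is also derived from the input string, so a directive that does not map to a declared array property (or an empty name, for example from a trailing `;`) would pass a non-array to `array_merge`, which throws a TypeError on PHP 8. Consider adding `if (!\property_exists($this, $name)) { continue; }` before the merge, and replacing rather than merging when `$values` contains `'none'`. The enclosing method starts above the hunk, so the origin and format of `$default` are not visible here.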