re-adding CSP directive sandbox allow-forms, it is needed for the password input form to work on the JS side

2021-04-18 21:05:32 +02:00
parent 83620d7eb5
commit fcb6422663
2 changed files with 2 additions and 2 deletions
--- a/lib/Configuration.php
+++ b/lib/Configuration.php
@@ -55,7 +55,7 @@ class Configuration
            'urlshortener'             => '',
            'qrcode'                   => true,
            'icon'                     => 'identicon',
-            'cspheader'                => 'default-src \'none\'; base-uri \'self\'; form-action \'none\'; manifest-src \'self\'; connect-src * blob:; script-src \'self\' \'unsafe-eval\' resource:; style-src \'self\'; font-src \'self\'; img-src \'self\' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-popups allow-modals allow-downloads',
+            'cspheader'                => 'default-src \'none\'; base-uri \'self\'; form-action \'none\'; manifest-src \'self\'; connect-src * blob:; script-src \'self\' \'unsafe-eval\' resource:; style-src \'self\'; font-src \'self\'; img-src \'self\' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads',
            'zerobincompatibility'     => false,
            'httpwarning'              => true,
            'compression'              => 'zlib',