From 38c2d671e3480b8e9fb38491797e44fdea317006 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Sun, 21 Feb 2016 21:25:23 +0100
Subject: CSP different policies per controller

https://github.com/FreshRSS/FreshRSS/issues/1075
---
 app/FreshRSS.php | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

(limited to 'app/FreshRSS.php')

diff --git a/app/FreshRSS.php b/app/FreshRSS.php
index 62ea18d96..bfbd7a6eb 100644
--- a/app/FreshRSS.php
+++ b/app/FreshRSS.php
@@ -111,10 +111,16 @@ class FreshRSS extends Minz_FrontController {
 	}
 
 	public static function preLayout() {
-		if (Minz_Request::controllerName() === 'stats') {
-			header("Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'");
-		} else {
-			header("Content-Security-Policy: default-src 'self'; child-src *; img-src * data:; media-src *");
+		switch (Minz_Request::controllerName()) {
+			case 'index':
+				header("Content-Security-Policy: default-src 'self'; child-src *; img-src * data:; media-src *");
+				break;
+			case 'stats':
+				header("Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'");
+				break;
+			default:
+				header("Content-Security-Policy: default-src 'self'");
+				break;
 		}
 	}
 
-- 
cgit v1.2.3