Remove unsafe authorization (#1184)

2017-03-16 06:30:30 +00:00 · 2017-03-16 06:30:30 +00:00 · 03339738b7
commit 03339738b7
parent b85cedcc3e
4 changed files with 4 additions and 4 deletions
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
@ -31,7 +31,7 @@ sub defaultValues {
        'cspFont'                  => '\'self\'',
        'cspImg'                   => '\'self\' data:',
        'cspScript'                => '\'self\'',
-        'cspStyle'                 => '\'self\' \'unsafe-inline\'',
+        'cspStyle'                 => '\'self\'',
        'dbiAuthnLevel'            => 2,
        'dbiExportedVars'          => {},
        'demoExportedVars'         => {
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
@ -833,7 +833,7 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
            'type'    => 'text'
        },
        'cspStyle' => {
-            'default' => '\'self\' \'unsafe-inline\'',
+            'default' => '\'self\'',
            'type'    => 'text'
        },
        'customAddParams' => {
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
@ -477,7 +477,7 @@ sub attributes {
        },
        cspStyle => {
            type          => 'text',
-            default       => "'self' 'unsafe-inline'",
+            default       => "'self'",
            documentation => 'Style source for Content-Security-Policy',
        },
        cspConnect => {
--- a/lemonldap-ng-manager/site/htdocs/static/struct.json
+++ b/lemonldap-ng-manager/site/htdocs/static/struct.json