diff --git a/deployments/examples/ocis_full/config/ocis/csp.yaml b/deployments/examples/ocis_full/config/ocis/csp.yaml
index 62edbb5d200..82b2d18f0b7 100644
--- a/deployments/examples/ocis_full/config/ocis/csp.yaml
+++ b/deployments/examples/ocis_full/config/ocis/csp.yaml
@@ -13,6 +13,7 @@ directives:
 - '''none'''
 font-src:
 - '''self'''
+ - 'data:'
 frame-ancestors:
 - '''self'''
 frame-src:
diff --git a/deployments/examples/ocis_keycloak/config/ocis/csp.yaml b/deployments/examples/ocis_keycloak/config/ocis/csp.yaml
index bdd0f605723..3bbcf892a47 100644
--- a/deployments/examples/ocis_keycloak/config/ocis/csp.yaml
+++ b/deployments/examples/ocis_keycloak/config/ocis/csp.yaml
@@ -11,6 +11,7 @@ directives:
 - '''none'''
 font-src:
 - '''self'''
+ - 'data:'
 frame-ancestors:
 - '''none'''
 frame-src:
diff --git a/deployments/examples/ocis_multi/config/ocis/csp-ocm.yaml b/deployments/examples/ocis_multi/config/ocis/csp-ocm.yaml
index fca948d96b9..4d55599de93 100644
--- a/deployments/examples/ocis_multi/config/ocis/csp-ocm.yaml
+++ b/deployments/examples/ocis_multi/config/ocis/csp-ocm.yaml
@@ -10,6 +10,7 @@ directives:
 - '''none'''
 font-src:
 - '''self'''
+ - 'data:'
 frame-ancestors:
 - '''self'''
 frame-src:
diff --git a/deployments/examples/ocis_multi/config/ocis/csp.yaml b/deployments/examples/ocis_multi/config/ocis/csp.yaml
index bdd0f605723..3bbcf892a47 100644
--- a/deployments/examples/ocis_multi/config/ocis/csp.yaml
+++ b/deployments/examples/ocis_multi/config/ocis/csp.yaml
@@ -11,6 +11,7 @@ directives:
 - '''none'''
 font-src:
 - '''self'''
+ - 'data:'
 frame-ancestors:
 - '''none'''
 frame-src:
diff --git a/deployments/examples/ocis_ocm/config/ocis/csp-ocm-next.yaml b/deployments/examples/ocis_ocm/config/ocis/csp-ocm-next.yaml
index 30ac5ee7cb8..a33b960c63c 100644
--- a/deployments/examples/ocis_ocm/config/ocis/csp-ocm-next.yaml
+++ b/deployments/examples/ocis_ocm/config/ocis/csp-ocm-next.yaml
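Review bot: The new `- 'data:'` entry under `font-src` in the first hunk (ocis_full/config/ocis/csp.yaml), and the identical additions in every other csp.yaml, csp-ocm.yaml and csp-ocm-next.yaml touched by this commit, widen the policy without anything in the files saying which component needs fonts from data URIs. These are example deployments that operators copy, so I would put a comment above the entry, for instance `# data: permits fonts embedded as data URIs; required by <component - name it here>`. The header expected in downloadFile.feature also carries `style-src 'self' 'unsafe-inline'`, which leaves `font-src` as one of the few limits on what an injected stylesheet can load; that is a reason to record the need and to drop the entry again once nothing inlines fonts. The `directives:` mapping starts above each hunk, so only the neighbouring directives are visible here.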
@@ -9,6 +9,7 @@ directives:
 - '''none'''
 font-src:
 - '''self'''
+ - 'data:'
 frame-ancestors:
 - '''self'''
 frame-src:
diff --git a/deployments/examples/ocis_ocm/config/ocis/csp-ocm.yaml b/deployments/examples/ocis_ocm/config/ocis/csp-ocm.yaml
index 68532bd766b..91365e37a90 100644
--- a/deployments/examples/ocis_ocm/config/ocis/csp-ocm.yaml
+++ b/deployments/examples/ocis_ocm/config/ocis/csp-ocm.yaml
@@ -9,6 +9,7 @@ directives:
 - '''none'''
 font-src:
 - '''self'''
+ - 'data:'
 frame-ancestors:
 - '''self'''
 frame-src:
diff --git a/deployments/examples/ocis_ocm/config/ocis/csp.yaml b/deployments/examples/ocis_ocm/config/ocis/csp.yaml
index f21b59b0b46..bc277bab4ac 100644
--- a/deployments/examples/ocis_ocm/config/ocis/csp.yaml
+++ b/deployments/examples/ocis_ocm/config/ocis/csp.yaml
@@ -9,6 +9,7 @@ directives:
 - '''none'''
 font-src:
 - '''self'''
+ - 'data:'
 frame-ancestors:
 - '''self'''
 frame-src:
diff --git a/tests/acceptance/features/coreApiWebdavOperations/downloadFile.feature b/tests/acceptance/features/coreApiWebdavOperations/downloadFile.feature
index 2c401185b14..ef775e20c07 100644
--- a/tests/acceptance/features/coreApiWebdavOperations/downloadFile.feature
+++ b/tests/acceptance/features/coreApiWebdavOperations/downloadFile.feature
@@ -219,7 +219,7 @@ Feature: download file
 And the following headers should be set
 | header | value |
 | Content-Disposition | attachment; filename*=UTF-8''; filename="" |
- | Content-Security-Policy | child-src 'self'; connect-src 'self' blob: https://raw.githubusercontent.com/owncloud/awesome-ocis/; default-src 'none'; font-src 'self'; frame-ancestors 'self'; frame-src 'self' blob: https://embed.diagrams.net/; img-src 'self' data: blob: https://raw.githubusercontent.com/owncloud/awesome-ocis/; manifest-src 'self'; media-src 'self'; object-src 'self' blob:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' |
+ | Content-Security-Policy | child-src 'self'; connect-src 'self' blob: https://raw.githubusercontent.com/owncloud/awesome-ocis/; default-src 'none'; font-src 'self' data:; frame-ancestors 'self'; frame-src 'self' blob: https://embed.diagrams.net/; img-src 'self' data: blob: https://raw.githubusercontent.com/owncloud/awesome-ocis/; manifest-src 'self'; media-src 'self'; object-src 'self' blob:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' |
 | X-Content-Type-Options | nosniff |
 | X-Frame-Options | SAMEORIGIN |
 | X-Permitted-Cross-Domain-Policies | none |
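Review bot: The header expected in this table has `frame-ancestors 'self'`, whereas tests/config/drone/csp.yaml in this same commit sets `frame-ancestors` to `'none'`, so this scenario (and the one at line 246, which gets the identical edit) is presumably checked against a policy from another source that is not among the files shown. Please confirm that source also gained `data:` under `font-src`; otherwise the updated expectation cannot pass. Both rows repeat the whole policy string, so a comment above the table naming the config the value mirrors, e.g. `# CSP value mirrors <path of the policy file in effect for this suite>`, would spare the next editor the search. The scenarios themselves start above the hunks.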
@@ -246,7 +246,7 @@ Feature: download file
 And the following headers should be set
 | header | value |
 | Content-Disposition | attachment; filename*=UTF-8''%22quote%22double%22.txt; filename=""quote"double".txt" |
- | Content-Security-Policy | child-src 'self'; connect-src 'self' blob: https://raw.githubusercontent.com/owncloud/awesome-ocis/; default-src 'none'; font-src 'self'; frame-ancestors 'self'; frame-src 'self' blob: https://embed.diagrams.net/; img-src 'self' data: blob: https://raw.githubusercontent.com/owncloud/awesome-ocis/; manifest-src 'self'; media-src 'self'; object-src 'self' blob:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' |
+ | Content-Security-Policy | child-src 'self'; connect-src 'self' blob: https://raw.githubusercontent.com/owncloud/awesome-ocis/; default-src 'none'; font-src 'self' data:; frame-ancestors 'self'; frame-src 'self' blob: https://embed.diagrams.net/; img-src 'self' data: blob: https://raw.githubusercontent.com/owncloud/awesome-ocis/; manifest-src 'self'; media-src 'self'; object-src 'self' blob:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' |
 | X-Content-Type-Options | nosniff |
 | X-Frame-Options | SAMEORIGIN |
 | X-Permitted-Cross-Domain-Policies | none |
diff --git a/tests/config/drone/csp.yaml b/tests/config/drone/csp.yaml
index bdd0f605723..3bbcf892a47 100644
--- a/tests/config/drone/csp.yaml
+++ b/tests/config/drone/csp.yaml
@@ -11,6 +11,7 @@ directives:
 - '''none'''
 font-src:
 - '''self'''
+ - 'data:'
 frame-ancestors:
 - '''none'''
 frame-src: