From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from localhost (mandoc.bsd.lv [local])
	by mandoc.bsd.lv (OpenSMTPD) with ESMTPA id 3e1e4d05
	for <source@mandoc.bsd.lv>;
	Fri, 8 Nov 2019 03:51:52 -0500 (EST)
Date: Fri, 8 Nov 2019 03:51:52 -0500 (EST)
X-Mailinglist: mandoc-source
Reply-To: source@mandoc.bsd.lv
MIME-Version: 1.0
From: schwarze@mandoc.bsd.lv
To: source@mandoc.bsd.lv
Subject: cvsweb: fix typo in the Content-Security-Policy "image-src", and no need 
X-Mailer: activitymail 1.26, http://search.cpan.org/dist/activitymail/
Content-Type: text/plain; charset=utf-8
Message-ID: <8d07647683cdbb9f@mandoc.bsd.lv>

Log Message:
-----------
fix typo in the Content-Security-Policy "image-src",
and no need to allow external style sheets at this time

Tags:
----
FreeBSD-cvsweb-2_0-branch

Modified Files:
--------------
    cvsweb:
        cvsweb.cgi

Revision Data
-------------
Index: cvsweb.cgi
===================================================================
RCS file: /home/cvs/mandoc/cvsweb/cvsweb.cgi,v
retrieving revision 3.119.2.23
retrieving revision 3.119.2.24
diff -Lcvsweb.cgi -Lcvsweb.cgi -u -p -r3.119.2.23 -r3.119.2.24
--- cvsweb.cgi
+++ cvsweb.cgi
@@ -3559,13 +3559,13 @@ sub http_header(;$) {
 	if ($is_mod_perl) {
 		Apache->request->content_type($content_type);
 		Apache->request->header_out("Content-Security-Policy" =>
-		    "default-src 'none'; image-src 'self'; " .
-		    "style-src 'self' 'unsafe-inline'");
+		    "default-src 'none'; img-src 'self'; " .
+		    "style-src 'unsafe-inline'");
 	} else {
 		print "Content-Type: $content_type\r\n";
 		print "Content-Security-Policy: ",
-		    "default-src 'none'; image-src 'self'; ",
-		    "style-src 'self' 'unsafe-inline';\r\n";
+		    "default-src 'none'; img-src 'self'; ",
+		    "style-src 'unsafe-inline';\r\n";
 	}
 
 	if ($allow_compress && $maycompress) {
--
 To unsubscribe send an email to source+unsubscribe@mandoc.bsd.lv