Fix CSP to allow inline style and refresh

Add filter to all webapps
2014-07-26 11:01:16 +00:00
parent 99401c5639
commit 4746d9eb80
16 changed files with 56 additions and 11 deletions
--- a/apps/routerconsole/jsp/css.jsi
+++ b/apps/routerconsole/jsp/css.jsi
@ -32,7 +32,7 @@
   // clickjacking
   if (intl.shouldSendXFrame()) {
      response.setHeader("X-Frame-Options", "SAMEORIGIN");
-      response.setHeader("Content-Security-Policy", "default-src 'self'");
+      response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'");
      response.setHeader("X-XSS-Protection", "1; mode=block");
   }