From 57bf25d39f12d620693f26068b8441b4f3f0b6c0 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 23 Feb 2023 09:47:49 -0500 Subject: [PATCH] Correct the syntax of the CSP --- web/includes/functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/includes/functions.php b/web/includes/functions.php index a2e843e1a..4826e0526 100644 --- a/web/includes/functions.php +++ b/web/includes/functions.php @@ -55,7 +55,7 @@ function CSPHeaders($view, $nonce) { // fall through default: // Enforce script-src on pages where inline scripts and event handlers have been fixed. - header("Content-Security-Policy: script-src 'self' object-src 'self' 'nonce-$nonce' $additionalScriptSrc". + header("Content-Security-Policy: object-src 'self'; script-src 'self' 'nonce-$nonce' $additionalScriptSrc". (ZM_CSP_REPORT_URI ? '; report-uri '.ZM_CSP_REPORT_URI : '' ) ); break;