Fix default CSP setting for Ace Editor As @sebastianrothbucher noticed in apache/couchdb-fauxton#5, the Ace editor needs base64 image data as the image source for its icons
Project: http://git-wip-us.apache.org/repos/asf/couchdb-couch/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb-couch/commit/741a82d4 Tree: http://git-wip-us.apache.org/repos/asf/couchdb-couch/tree/741a82d4 Diff: http://git-wip-us.apache.org/repos/asf/couchdb-couch/diff/741a82d4 Branch: refs/heads/2491-refactor-couch-httpd-auth Commit: 741a82d4cfda424bba5545a2219ecc2c4cf919c3 Parents: cb52507 Author: Robert Kowalski <[email protected]> Authored: Tue Jul 22 19:22:02 2014 +0200 Committer: Robert Kowalski <[email protected]> Committed: Fri Nov 28 21:51:51 2014 +0100 ---------------------------------------------------------------------- src/couch_httpd_misc_handlers.erl | 2 +- test/couchdb_csp_tests.erl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/couchdb-couch/blob/741a82d4/src/couch_httpd_misc_handlers.erl ----------------------------------------------------------------------
diff --git a/src/couch_httpd_misc_handlers.erl b/src/couch_httpd_misc_handlers.erl
index 06fed5e..e90140f 100644
--- a/src/couch_httpd_misc_handlers.erl
+++ b/src/couch_httpd_misc_handlers.erl
@@ -81,7 +81,7 @@ handle_utils_dir_req(Req, _) ->
 send_method_not_allowed(Req, "GET,HEAD").
 maybe_add_csp_headers(Headers, "true") ->
- DefaultValues = "default-src 'self'; img-src 'self'; font-src 'self'; "
+ DefaultValues = "default-src 'self'; img-src 'self' data:; font-src 'self'; "
 "script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline';",
 Value = config:get("csp", "header_value", DefaultValues),
 [{"Content-Security-Policy", Value} | Headers];
http://git-wip-us.apache.org/repos/asf/couchdb-couch/blob/741a82d4/test/couchdb_csp_tests.erl ----------------------------------------------------------------------
diff --git a/test/couchdb_csp_tests.erl b/test/couchdb_csp_tests.erl
index 3dbe6e3..5eb33f9 100644
--- a/test/couchdb_csp_tests.erl
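Review bot: The new `data:` source in `DefaultValues` carries no comment saying why it is there, so a later edit could either drop it again or copy it into `default-src` or `script-src`, where it would weaken the policy far more than it does for images. I would add above the assignment `%% img-src allows data: only because the Ace editor embeds its icons as base64 images; keep data: out of default-src and script-src.` The string is only the fallback passed to `config:get("csp", "header_value", DefaultValues)`, so deployments that already set `header_value` keep their old policy and need the same addition by hand, which is worth stating in the release notes. The `maybe_add_csp_headers` clause ends with `;`, so the function continues outside the hunk.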
+++ b/test/couchdb_csp_tests.erl
@@ -57,7 +57,7 @@ should_not_return_any_csp_headers_when_disabled(Url) ->
 should_apply_default_policy(Url) ->
 ?_assertEqual(
- "default-src 'self'; img-src 'self'; font-src 'self'; "
+ "default-src 'self'; img-src 'self' data:; font-src 'self'; "
 "script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline';",
 begin
 {ok, _, Headers, _} = test_request:get(Url),
