Dereku/snappymail
1
0
Fork 0
mirror of https://github.com/the-djmaze/snappymail.git synced 2026-06-26 08:16:44 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Automatically add favicon host to CSP if present

Browse source
This commit is contained in:
HeySora 2025-01-14 13:27:26 +01:00
parent 8bf4727555
commit 5bba3dac82
No known key found for this signature in database
GPG key ID: 4D7EA911B823C340
1 changed files with 6 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
snappymail/v/0.0.0/app/libraries/RainLoop/Api.php
View file

@ -42,6 +42,12 @@ abstract class Api
$CSP->report = $oConfig->Get('security', 'csp_report', false);
$CSP->report_only = $oConfig->Get('debug', 'enable', false); // || SNAPPYMAIL_DEV
// Allow favicon host, if present
$parsedFaviconUrl = parse_url($oConfig->Get('webmail', 'favicon_url', ''));
if (is_array($parsedFaviconUrl) && array_key_exists('host', $parsedFaviconUrl)) {
$CSP->add('img-src', $parsedFaviconUrl['host']);
}
// Allow https: due to remote images in e-mails or use proxy
if (!$oConfig->Get('labs', 'use_local_proxy_for_external_images', '')) {
$CSP->add('img-src', 'https:');