Postal/snappymail
1
0
Fork 0
mirror of https://github.com/the-djmaze/snappymail.git synced 2026-03-03 02:27:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

Automatically add favicon host to CSP if present

Browse Source
This commit is contained in:
HeySora
2025-01-14 13:27:26 +01:00
parent 8bf4727555
commit 5bba3dac82
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
snappymail/v/0.0.0/app/libraries/RainLoop/Api.php
View File

@@ -42,6 +42,12 @@ abstract class Api
$CSP->report = $oConfig->Get('security', 'csp_report', false);
$CSP->report_only = $oConfig->Get('debug', 'enable', false); // || SNAPPYMAIL_DEV
// Allow favicon host, if present
$parsedFaviconUrl = parse_url($oConfig->Get('webmail', 'favicon_url', ''));
if (is_array($parsedFaviconUrl) && array_key_exists('host', $parsedFaviconUrl)) {
$CSP->add('img-src', $parsedFaviconUrl['host']);
}
// Allow https: due to remote images in e-mails or use proxy
if (!$oConfig->Get('labs', 'use_local_proxy_for_external_images', '')) {
$CSP->add('img-src', 'https:');