Skip to content

Commit

Permalink
Automatically add favicon host to CSP if present
Browse files Browse the repository at this point in the history
  • Loading branch information
@HeySora
HeySora committed Jan 14, 2025
1 parent 8bf4727 commit 5bba3da
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions snappymail/v/0.0.0/app/libraries/RainLoop/Api.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,12 @@ public static function getCSP(?string $sScriptNonce = null) : \SnappyMail\HTTP\C
$CSP->report = $oConfig->Get('security', 'csp_report', false);
$CSP->report_only = $oConfig->Get('debug', 'enable', false); // || SNAPPYMAIL_DEV

// Allow favicon host, if present
$parsedFaviconUrl = parse_url($oConfig->Get('webmail', 'favicon_url', ''));
if (is_array($parsedFaviconUrl) && array_key_exists('host', $parsedFaviconUrl)) {
$CSP->add('img-src', $parsedFaviconUrl['host']);
}

// Allow https: due to remote images in e-mails or use proxy
if (!$oConfig->Get('labs', 'use_local_proxy_for_external_images', '')) {
$CSP->add('img-src', 'https:');
Expand Down

0 comments on commit 5bba3da

Please sign in to comment.