From b3f881748d968779120aa702142ed47eb66251ba Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@owncloud.com>
Date: Thu, 30 Oct 2014 00:00:40 +0100
Subject: [PATCH] Allow any outgoing XHR connections

Quickfix for https://github.com/owncloud/core/issues/11064
---
 config/config.sample.php | 2 +-
 lib/private/response.php | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/config/config.sample.php b/config/config.sample.php
index d3fa7508ce2..a53521485e6 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -831,7 +831,7 @@ $CONFIG = array(
 'custom_csp_policy' =>
 	"default-src 'self'; script-src 'self' 'unsafe-eval'; ".
 	"style-src 'self' 'unsafe-inline'; frame-src *; img-src *; ".
-	"font-src 'self' data:; media-src *",
+	"font-src 'self' data:; media-src *; connect-src *",
 
 
 /**
diff --git a/lib/private/response.php b/lib/private/response.php
index caa382af776..cf18115111a 100644
--- a/lib/private/response.php
+++ b/lib/private/response.php
@@ -212,7 +212,8 @@ class OC_Response {
 			. 'frame-src *; '
 			. 'img-src *; '
 			. 'font-src \'self\' data:; '
-			. 'media-src *');
+			. 'media-src *; ' 
+			. 'connect-src *');
 		header('Content-Security-Policy:' . $policy);
 
 		// https://developers.google.com/webmasters/control-crawl-index/docs/robots_meta_tag
-- 
GitLab