references/gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2026-06-14 03:29:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: csp regressions (#38047)

Browse Source 
fix #37257 , all details are in the comments
This commit is contained in:
wxiaoguang
2026-06-12 08:36:05 +08:00
committed by GitHub
parent e473505d64
commit 4f4a0a79ac
27 changed files with 159 additions and 159 deletions
Download Patch File Download Diff File Expand all files Collapse all files
services/context/context_template.go
+3
View File
@@ -115,6 +115,9 @@ func (c TemplateContext) CspScriptNonce() (ret string) {
}
func (c TemplateContext) HeadMetaContentSecurityPolicy() template.HTML {
if setting.Security.ContentSecurityPolicyGeneral == "unset" {
return "" // if site admin disables the general CSP, then we don't use it
}
// The CSP problem is more complicated than it looks.
// Gitea was designed to support various "customizations", including:
// * custom themes (custom CSS and JS)