Diffstat (limited to 'includes/ContentSecurityPolicy.php')
-rw-r--r--includes/ContentSecurityPolicy.php11
1 files changed, 11 insertions, 0 deletions
diff --git a/includes/ContentSecurityPolicy.php b/includes/ContentSecurityPolicy.php
index 6866f089e2d0..cfba053b98b3 100644
--- a/includes/ContentSecurityPolicy.php
+++ b/includes/ContentSecurityPolicy.php
@@ -254,6 +254,14 @@ class ContentSecurityPolicy {
}
}
}
+ // Default value 'none'. true is none, false is nothing, string is single directive,
+ // array is list.
+ if ( !isset( $policyConfig['object-src'] ) || $policyConfig['object-src'] === true ) {
+ $objectSrc = [ "'none'" ];
+ } else {
+ $objectSrc = (array)( $policyConfig['object-src'] ?: [] );
+ }
+ $objectSrc = array_map( [ $this, 'escapeUrlForCSP' ], $objectSrc );
$directives = [];
if ( $scriptSrc ) {
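Review bot: The `?:` in the else branch makes every falsy value (`false`, `''`, `0`, `'0'`, an empty array) drop the directive, while the comment documents only `false` as "nothing", so an empty string or empty list in the config silently removes the plugin restriction instead of falling back to `'none'`. With the directive omitted, browsers fall back to `default-src` for object loads, and whether this policy always sets one is decided outside the hunk. I would spell that out in the comment, e.g. `// true or unset: 'none'. false (or any empty value): no object-src directive is sent, so default-src applies.`, and consider testing `=== false` explicitly. `escapeUrlForCSP` now also runs on the quoted keyword `'none'`, not only on URLs; its body is not shown here, so confirm it leaves single quotes intact. The enclosing method starts and ends outside the hunk.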
@@ -268,6 +276,9 @@ class ContentSecurityPolicy {
if ( $imgSrc ) {
$directives[] = 'img-src ' . implode( ' ', array_unique( $imgSrc ) );
}
+ if ( $objectSrc ) {
+ $directives[] = 'object-src ' . implode( ' ', $objectSrc );
+ }
if ( $reportUri ) {
$directives[] = 'report-uri ' . $reportUri;
}
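Review bot: `object-src` is joined without `array_unique()`, unlike the `img-src` line just above, so a configured list that repeats a source is emitted with duplicates; `$directives[] = 'object-src ' . implode( ' ', array_unique( $objectSrc ) );` would keep the two consistent. Nothing visible here rejects a list that mixes `'none'` with other sources either, and browsers ignore `'none'` unless it is the only source expression, so such a config would allow more than its author probably intended. A short comment or a logged warning for that case would help. The surrounding method continues outside the hunk.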