Allow execution of inline scripts, at least for now.

2022-01-17 20:25:25 +00:00 · 2022-01-17 20:25:25 +00:00 · d96bc14516
commit d96bc14516
parent 318f433f22
1 changed files with 2 additions and 2 deletions
--- a/src/main/java/org/qortal/arbitrary/ArbitraryDataRenderer.java
+++ b/src/main/java/org/qortal/arbitrary/ArbitraryDataRenderer.java
@ -119,7 +119,7 @@ public class ArbitraryDataRenderer {
                byte[] data = Files.readAllBytes(Paths.get(filePath)); // TODO: limit file size that can be read into memory
                HTMLParser htmlParser = new HTMLParser(resourceId, inPath, prefix, usePrefix, data);
                htmlParser.addAdditionalHeaderTags();
-                response.addHeader("Content-Security-Policy", "default-src 'self'");
+                response.addHeader("Content-Security-Policy", "default-src 'self' 'unsafe-inline'");
                response.setContentType(context.getMimeType(filename));
                response.setContentLength(htmlParser.getData().length);
                response.getOutputStream().write(htmlParser.getData());
@ -128,7 +128,7 @@ public class ArbitraryDataRenderer {
                // Regular file - can be streamed directly
                File file = new File(filePath);
                FileInputStream inputStream = new FileInputStream(file);
-                response.addHeader("Content-Security-Policy", "default-src 'self'");
+                response.addHeader("Content-Security-Policy", "default-src 'self' 'unsafe-inline'");
                response.setContentType(context.getMimeType(filename));
                int bytesRead, length = 0;
                byte[] buffer = new byte[10240];