40 lines
1.4 KiB
Diff
40 lines
1.4 KiB
Diff
From 9900159635d616f01fb1be98ef94145637d06d07 Mon Sep 17 00:00:00 2001
|
|
From: Sam Feifer <sfeifer@redhat.com>
|
|
Date: Tue, 13 May 2025 11:33:22 -0400
|
|
Subject: [PATCH] fix CVE-2025-4123
|
|
|
|
---
|
|
conf/defaults.ini | 2 +-
|
|
conf/sample.ini | 2 +-
|
|
2 files changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/conf/defaults.ini b/conf/defaults.ini
|
|
index 2d6e1235b60..cf1ce8a962f 100644
|
|
--- a/conf/defaults.ini
|
|
+++ b/conf/defaults.ini
|
|
@@ -310,7 +310,7 @@ x_xss_protection = true
|
|
|
|
# Enable adding the Content-Security-Policy header to your requests.
|
|
# CSP allows to control resources the user agent is allowed to load and helps prevent XSS attacks.
|
|
-content_security_policy = false
|
|
+content_security_policy = true
|
|
|
|
# Set Content Security Policy template used when adding the Content-Security-Policy header to your requests.
|
|
# $NONCE in the template includes a random nonce.
|
|
diff --git a/conf/sample.ini b/conf/sample.ini
|
|
index 227c90e895d..19afa036b9b 100644
|
|
--- a/conf/sample.ini
|
|
+++ b/conf/sample.ini
|
|
@@ -310,7 +310,7 @@
|
|
|
|
# Enable adding the Content-Security-Policy header to your requests.
|
|
# CSP allows to control resources the user agent is allowed to load and helps prevent XSS attacks.
|
|
-;content_security_policy = false
|
|
+;content_security_policy = true
|
|
|
|
# Set Content Security Policy template used when adding the Content-Security-Policy header to your requests.
|
|
# $NONCE in the template includes a random nonce.
|
|
--
|
|
2.49.0
|
|
|