Update RequestsController.php

TheFRedFox · TheFRedFox · commit c214f8cbd0bd · 2015-10-09T12:00:08.000+02:00
Unsets the Content-Security-Policy "inside" the iframe. The iframe will be loaded with user's CSP, but doesn't need any CSP inside the iframe as it will just be used in development. Force unset, as it could be set anywhere else in the user's original application.
diff --git a/src/Controller/RequestsController.php b/src/Controller/RequestsController.php
@@ -37,7 +37,7 @@ public function beforeFilter(Event $event)
             throw new NotFoundException();
         }
 
-        $this->response->header(['Content-Security-Policy' => "default-src 'self'; style-src 'self' fonts.googleapis.com; font-src 'self' fonts.gstatic.com"]);
+        $this->response->header(['Content-Security-Policy' => '']);
     }
 
     /**

Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,7 @@ public function beforeFilter(Event $event)`
`37`	`37`	`throw new NotFoundException();`
`38`	`38`	`}`
`39`	`39`
`40`		`- $this->response->header(['Content-Security-Policy' => "default-src 'self'; style-src 'self' fonts.googleapis.com; font-src 'self' fonts.gstatic.com"]);`
	`40`	`+ $this->response->header(['Content-Security-Policy' => '']);`
`41`	`41`	`}`
`42`	`42`
`43`	`43`	`/**`