removed CSP tag from shortenerproxy.php

2025-10-02 17:29:15 +02:00 · 2025-09-11 18:17:30 +01:00 · 2025-09-11 18:17:30 +01:00 · 24afa5a1d8
commit 24afa5a1d8
parent 191ed63b04
4 changed files with 2 additions and 4 deletions
--- a/js/privatebin.js
+++ b/js/privatebin.js
@ -2151,7 +2151,7 @@ jQuery.PrivateBin = (function($) {
                response = JSON.stringify(response);
            }
            if (typeof response === 'string' && response.length > 0) {
-                const shortUrlMatcher = /(?<=[>"])https?:\/\/[^\s"<]+(?=[<"])/g; // JSON API will have URL in quotes, XML in tags
+                const shortUrlMatcher = /https?:\/\/[^\s"<]+/g; // JSON API will have URL in quotes, XML in tags
                const shortUrl = (response.match(shortUrlMatcher) || []).filter(function(urlRegExMatch) {
                    if (typeof URL.canParse === 'function') {
                        return URL.canParse(urlRegExMatch);
--- a/js/test/PasteStatus.js
+++ b/js/test/PasteStatus.js
@ -149,7 +149,6 @@ describe('PasteStatus', function () {
                        '<html lang="en">\n' +
                        '\t<head>\n' +
                        '\t\t<meta charset="utf-8" />\n' +
-                        '\t\t<meta http-equiv="Content-Security-Policy" content="default-src \'none\'; base-uri \'self\'; form-action \'none\'; manifest-src \'self\'; connect-src * blob:; script-src \'self\' \'unsafe-eval\'; style-src \'self\'; font-src \'self\'; frame-ancestors \'none\'; img-src \'self\' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads">\n' +
                        '\t\t<meta name="robots" content="noindex" />\n' +
                        '\t\t<meta name="google" content="notranslate">\n' +
                        '\t\t<title>PrivateBin</title>\n' +
--- a/lib/Configuration.php
+++ b/lib/Configuration.php
@ -121,7 +121,7 @@ class Configuration
            'js/kjua-0.10.0.js'      => 'sha512-BYj4xggowR7QD150VLSTRlzH62YPfhpIM+b/1EUEr7RQpdWAGKulxWnOvjFx1FUlba4m6ihpNYuQab51H6XlYg==',
            'js/legacy.js'           => 'sha512-08+subq1Lo+r+la5ENqeXiMgNJcVaaTtBIFGkrjziSpvtgCId3Jtin4/OkSdHYSoeztwwIab8uvCzPKHta6puQ==',
            'js/prettify.js'         => 'sha512-puO0Ogy++IoA2Pb9IjSxV1n4+kQkKXYAEUtVzfZpQepyDPyXk8hokiYDS7ybMogYlyyEIwMLpZqVhCkARQWLMg==',
-            'js/privatebin.js'       => 'sha512-L4auMI55jumH2yMuIgMEvGnAMM2U1bEmsQr70Oad43s2n+NhnJFZ1gpJXBBoov4Max1VKNVqZknVRMKy6E1M4w==',
+            'js/privatebin.js'       => 'sha512-Cor4acli/veLhX81YVTGQNkQ+poXsz0gRQUmLeJ6WebIXUlUi7ZQZ6lk1oIYesnBG3cV/stVT07cdVsByXoaJA==',
            'js/purify-3.2.6.js'     => 'sha512-zqwL4OoBLFx89QPewkz4Lz5CSA2ktU+f31fuECkF0iK3Id5qd3Zpq5dMby8KwHjIEpsUgOqwF58cnmcaNem0EA==',
            'js/showdown-2.1.0.js'   => 'sha512-WYXZgkTR0u/Y9SVIA4nTTOih0kXMEd8RRV6MLFdL6YU8ymhR528NLlYQt1nlJQbYz4EW+ZsS0fx1awhiQJme1Q==',
            'js/zlib-1.3.1-1.js'     => 'sha512-5bU9IIP4PgBrOKLZvGWJD4kgfQrkTz8Z3Iqeu058mbQzW3mCumOU6M3UVbVZU9rrVoVwaW4cZK8U8h5xjF88eQ==',
--- a/tpl/shortenerproxy.php
+++ b/tpl/shortenerproxy.php
@ -4,7 +4,6 @@ use PrivateBin\I18n;
 <html lang="<?php echo I18n::getLanguage(); ?>"<?php echo I18n::isRtl() ? ' dir="rtl"' : ''; ?>>
 	<head>
 		<meta charset="utf-8" />
-		<meta http-equiv="Content-Security-Policy" content="<?php echo I18n::encode($CSPHEADER); ?>">
 		<meta name="robots" content="noindex" />
 		<meta name="google" content="notranslate">
 		<title><?php echo I18n::_($NAME); ?></title>