From c9132db422150b448bbaca57ca8392ba0fd667e9 Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Thu, 19 Apr 2018 12:57:38 +0200
Subject: [PATCH] remove Content-Security-Policy "default-src 'self'; see https://github.com/opnsense/core/pull/2212
---
 .../mvc/app/controllers/OPNsense/Base/ControllerBase.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerBase.php b/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerBase.php
index 3416ba3ff..dbbbe5f2c 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerBase.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerBase.php
@@ -207,7 +207,7 @@ class ControllerBase extends ControllerRoot
 // append ACL object to view
 $this->view->acl = new \OPNsense\Core\ACL();
- $this->response->setHeader('Content-Security-Policy', "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval';");
+ $this->response->setHeader('Content-Security-Policy', "script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval';");
 $this->response->setHeader('X-Frame-Options', "SAMEORIGIN");
 $this->response->setHeader('X-Content-Type-Options', "nosniff");
 $this->response->setHeader('X-XSS-Protection', "1; mode=block");
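Review bot: With `default-src 'self'` gone from the new `Content-Security-Policy` value, every fetch directive other than `script-src` and `style-src` loses its fallback, so `connect-src`, `img-src`, `object-src`, `frame-src` and the rest are unrestricted on all responses that pass through this code. Because `script-src` already permits `'unsafe-inline'` and `'unsafe-eval'`, that fallback was the only part of the policy limiting where an injected script could connect to or what embedded content could be loaded. If a single resource type was being blocked (the reason is in the linked pull request, which is not visible here), it would be narrower to keep the fallback and widen only that directive, for instance `default-src 'self'; img-src 'self' data:;` ahead of the existing directives if images were the cause, or at the very least to add `object-src 'none';`. A comment such as `// default-src dropped, see opnsense/core pull 2212: only script-src and style-src are restricted now` above the call would record the trade-off; the enclosing method starts and ends outside the hunk.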