CSP: Allow any CSS

diff --git a/adminer/include/design.inc.php b/adminer/include/design.inc.php
index 87a8914d14e9cc3e523eccac7e04f4008386c84c..102b898d9328d4085f7febbfe770b12d009c3c17 100644 (file)
--- a/adminer/include/design.inc.php
+++ b/adminer/include/design.inc.php
@@ -110,7 +110,6 @@ function csp() {
        return array(
                array(
                        "script-src" => "'self' 'unsafe-inline' 'nonce-" . get_nonce() . "' 'strict-dynamic'", // 'self' is a fallback for browsers not supporting 'strict-dynamic', 'unsafe-inline' is a fallback for browsers not supporting 'nonce-'
-                       "style-src" => "'self' 'unsafe-inline'",
                        "connect-src" => "'self'",
                        "frame-src" => "https://www.adminer.org",
                        "object-src" => "'none'",

diff --git a/changes.txt b/changes.txt
index e4765b26b5a7bf5cbfeec8c7dbeb8286cfe31b14..391a17e48080e705dbc406de763e62f7cf680612 100644 (file)
--- a/changes.txt
+++ b/changes.txt
@@ -1,6 +1,6 @@
 Adminer 4.4.1-dev:
 Adminer: Fix Search data in tables (regression from 4.4.0)
-CSP: Allow any images, media and fonts, disallow base-uri
+CSP: Allow any styles, images, media and fonts, disallow base-uri
 SQLite: Enable foreign key checks
 PostgreSQL: Respect NULL default value
 Elasticsearch: Insert, update, delete