function seckit_update_6101 in Security Kit 6

Changes Content-Security-Policy "allow" directive to "default-src".

File

./seckit.install, line 21

Install/uninstall actions for SecKit.

Code

function seckit_update_6101() {

  // update CSP directives
  // default-src is used instead of allow
  $options = variable_get('seckit_xss', array());
  if (isset($options['csp']['allow'])) {
    $directive = $options['csp']['allow'];
    if ($directive) {

      // remove allow
      unset($options['csp']['allow']);

      // add default-src
      $options['csp']['default-src'] = $directive;

      // delete and set new version of variable
      variable_del('seckit_xss');
      variable_set('seckit_xss', $options);
    }
  }
}