From 720897b9028f81b7289efcbae93d1ed4d3c57008 Mon Sep 17 00:00:00 2001
From: El RIDO <elrido@gmx.net>
Date: Sat, 21 Jul 2018 06:45:09 +0000
Subject: [PATCH] correct CSP to allow password prompt

---
 cfg/conf.sample.php   | 2 +-
 lib/Configuration.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/cfg/conf.sample.php b/cfg/conf.sample.php
index 959c1a04..28dae77d 100644
--- a/cfg/conf.sample.php
+++ b/cfg/conf.sample.php
@@ -70,7 +70,7 @@ languageselection = false
 ; Check the documentation at https://content-security-policy.com/
 ; Note: If you use a bootstrap theme, you can remove the allow-popups from the sandbox restrictions.
 ; By default this disallows to load images from third-party servers, e.g. when they are embedded in pastes. If you wish to allow that, you can adjust the policy here. See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-it-load-embedded-images for details.
-; cspheader = "default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:; media-src data:; object-src data:; Referrer-Policy: 'no-referrer'; sandbox allow-same-origin allow-scripts allow-forms allow-popups"
+; cspheader = "default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:; media-src data:; object-src data:; Referrer-Policy: 'no-referrer'; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals"
 
 ; stay compatible with PrivateBin Alpha 0.19, less secure
 ; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
diff --git a/lib/Configuration.php b/lib/Configuration.php
index a9b94c5b..31c08e86 100644
--- a/lib/Configuration.php
+++ b/lib/Configuration.php
@@ -53,7 +53,7 @@ class Configuration
             'urlshortener'             => '',
             'qrcode'                   => true,
             'icon'                     => 'identicon',
-            'cspheader'                => 'default-src \'none\'; manifest-src \'self\'; connect-src *; script-src \'self\'; style-src \'self\'; font-src \'self\'; img-src \'self\' data:; media-src data:; object-src data:; Referrer-Policy: \'no-referrer\'; sandbox allow-same-origin allow-scripts allow-forms allow-popups',
+            'cspheader'                => 'default-src \'none\'; manifest-src \'self\'; connect-src *; script-src \'self\'; style-src \'self\'; font-src \'self\'; img-src \'self\' data:; media-src data:; object-src data:; Referrer-Policy: \'no-referrer\'; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals',
             'zerobincompatibility'     => false,
         ),
         'expire' => array(