Allow plugins to override CSP rules

app/Controller/Base.php

@@ -80,7 +80,7 @@ abstract class Base extends \Core\Base
     private function sendHeaders($action)
     {
         // HTTP secure headers
-        $this->response->csp(array('style-src' => "'self' 'unsafe-inline'", 'img-src' => '* data:'));
+        $this->response->csp($this->container['cspRules']);
         $this->response->nosniff();
         $this->response->xss();
 

app/Core/Plugin/Base.php

@@ -18,6 +18,17 @@ abstract class Base extends \Core\Base
      */
     abstract public function initialize();
 
+    /**
+     * Override default CSP rules
+     *
+     * @access public
+     * @param  array  $rules
+     */
+    public function setContentSecurityPolicy(array $rules)
+    {
+        $this->container['cspRules'] = $rules;
+    }
+
     /**
      * Returns all classes that needs to be stored in the DI container
      *

app/ServiceProvider/ClassProvider.php

@@ -126,5 +126,7 @@ class ClassProvider implements ServiceProviderInterface
         };
 
         $container['pluginLoader'] = new Loader($container);
+
+        $container['cspRules'] = array('style-src' => "'self' 'unsafe-inline'", 'img-src' => '* data:');
     }
 }