diff options
| author | Justin Velluppillai <justin@innocraft.com> | 2021-10-26 05:43:00 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-10-26 05:43:00 +0300 |
| commit | 7e35a9cbeec451016bcb0157fc95511b0221eca5 (patch) | |
| tree | e32083de684175e15282812fcd852fad19ed8287 /config | |
| parent | 43d09b0d999e86dc0f5182eb48a0595de92dc359 (diff) | |
Enable CSP (not report-only) and add SecurityPolicy methods to @api (#18197)
* Enable CSP (not report-only) and add SecurityPolicy methods to @api
* Remove redundant initialisation and trigger build
* Updated UI test ss
Diffstat (limited to 'config')
| -rwxr-xr-x | config/global.ini.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/config/global.ini.php b/config/global.ini.php index 46c36c8661..e49a2c2fc0 100755 --- a/config/global.ini.php +++ b/config/global.ini.php @@ -446,7 +446,7 @@ csp_enabled = 1 ; If set, and csp_enabled is on, Matomo will send a report-uri in the Content-Security-Policy-Report-Only header ; instead of a Content-Security-Policy header. -csp_report_only = 1 +csp_report_only = 0 ; If set to 1 Matomo will prefer using SERVER_NAME variable over HTTP_HOST. ; This can add an additional layer of security as SERVER_NAME can not be manipulated by sending custom host headers when configure correctly. |