diff options
| author | Lukas Reschke <lukas@owncloud.com> | 2015-12-07 17:47:05 +0300 |
|---|---|---|
| committer | Lukas Reschke <lukas@owncloud.com> | 2015-12-07 17:50:09 +0300 |
| commit | 7b9bc721e998096220019ab462d4ac51f04a667c (patch) | |
| tree | 76d7c66ff8cad74ab8f56bb1afe503e9ca21a300 /.htaccess | |
| parent | 857030d13949e13da8b13797767c2f68b214c5ad (diff) | |
Add CSP header to static resources
Fixes https://github.com/owncloud/core/issues/16164
Diffstat (limited to '.htaccess')
| -rw-r--r-- | .htaccess | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/.htaccess b/.htaccess index 4f2a6f35af4..7e8fd902294 100644 --- a/.htaccess +++ b/.htaccess @@ -14,6 +14,10 @@ Header set X-Robots-Tag "none" Header set X-Frame-Options "SAMEORIGIN" SetEnv modHeadersAvailable true + + # Add CSP header if not set, used for static resources + Header append Content-Security-Policy "" + Header edit Content-Security-Policy "^$" "default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self'" </IfModule> # Add cache control for CSS and JS files |