jannik/web-jbeyerstedt
1
0
Fork 0
Code Releases Activity

[FIX] quick CSP Header patch for safari browsers, which ignore nonces

Browse source
This commit is contained in:
Jannik Beyerstedt 2017-01-03 14:06:46 +01:00
parent 9b562aace6
commit af9b9ff262
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
site/config/config.php
View file

@ -1,6 +1,6 @@
<?php
if(!function_exists('panel')) {
header("Content-Security-Policy: default-src 'self'; style-src 'self' 'nonce-nRfqpuKWNuYyUAFPTr6WVNZk9' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-src https://www.youtube-nocookie.com; script-src 'self' 'unsafe-eval' 'nonce-nRfqpuKWNuYyUAFPTr6WVNZk9' https://jannikb.aquila.uberspace.de/piwik/; img-src 'self' https://jannikb.aquila.uberspace.de/piwik/");
header("Content-Security-Policy: default-src 'self'; style-src 'self' 'nonce-nRfqpuKWNuYyUAFPTr6WVNZk9' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-src https://www.youtube-nocookie.com; script-src 'self' 'unsafe-eval' 'nonce-nRfqpuKWNuYyUAFPTr6WVNZk9' 'unsafe-inline' https://jannikb.aquila.uberspace.de/piwik/; img-src 'self' https://jannikb.aquila.uberspace.de/piwik/");
}
//header("X-Content-Type-Options: nosniff"); // enabled at server-side
//header("X-Frame-Options: deny"); // enabled at server-side