1
0
Fork 0

[SITE] move CSP header to html-head to exclude it from panel resources

This commit is contained in:
Jannik Beyerstedt 2016-10-15 20:23:48 +02:00
parent 30e00e09ad
commit efcbebba2a
2 changed files with 1 additions and 1 deletions

View file

@ -1,5 +1,4 @@
<?php <?php
header("Content-Security-Policy: default-src 'self'; style-src 'self' 'nonce-nRfqpuKWNuYyUAFPTr6WVNZk9' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-src https://www.youtube-nocookie.com; script-src 'self' 'nonce-nRfqpuKWNuYyUAFPTr6WVNZk9' https://jannikb.aquila.uberspace.de/piwik/; img-src 'self' https://jannikb.aquila.uberspace.de/piwik/");
//header("X-Content-Type-Options: nosniff"); // enabled at server-side //header("X-Content-Type-Options: nosniff"); // enabled at server-side
//header("X-Frame-Options: deny"); // enabled at server-side //header("X-Frame-Options: deny"); // enabled at server-side
//header("X-Xss-Protection: 1; mode=block"); // enabled at server-side //header("X-Xss-Protection: 1; mode=block"); // enabled at server-side

View file

@ -5,6 +5,7 @@
// copyright: Jannik Beyerstedt | https://jannikbeyerstedt.de // copyright: Jannik Beyerstedt | https://jannikbeyerstedt.de
// license: http://www.gnu.org/licenses/gpl-3.0.txt GPLv3 License // license: http://www.gnu.org/licenses/gpl-3.0.txt GPLv3 License
// ------------------------------------------- // -------------------------------------------
header("Content-Security-Policy: default-src 'self'; style-src 'self' 'nonce-nRfqpuKWNuYyUAFPTr6WVNZk9' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-src https://www.youtube-nocookie.com; script-src 'self' 'nonce-nRfqpuKWNuYyUAFPTr6WVNZk9' https://jannikb.aquila.uberspace.de/piwik/; img-src 'self' https://jannikb.aquila.uberspace.de/piwik/");
if( $page->isHomePage() ) { if( $page->isHomePage() ) {
$title = $site->title()->html(); $title = $site->title()->html();