jannik/web-jbeyerstedt
1
0
Fork 0
Code Releases Activity

[SITE] move CSP header to html-head to exclude it from panel resources

Browse source
This commit is contained in:
Jannik Beyerstedt 2016-10-15 20:23:48 +02:00
parent 30e00e09ad
commit efcbebba2a
2 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
site/config/config.php
View file

@ -1,5 +1,4 @@
<?php
header("Content-Security-Policy: default-src 'self'; style-src 'self' 'nonce-nRfqpuKWNuYyUAFPTr6WVNZk9' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-src https://www.youtube-nocookie.com; script-src 'self' 'nonce-nRfqpuKWNuYyUAFPTr6WVNZk9' https://jannikb.aquila.uberspace.de/piwik/; img-src 'self' https://jannikb.aquila.uberspace.de/piwik/");
//header("X-Content-Type-Options: nosniff"); // enabled at server-side
//header("X-Frame-Options: deny"); // enabled at server-side
//header("X-Xss-Protection: 1; mode=block"); // enabled at server-side

1
site/snippets/base/html-head.php
View file

@ -5,6 +5,7 @@
// copyright: Jannik Beyerstedt | https://jannikbeyerstedt.de
// license: http://www.gnu.org/licenses/gpl-3.0.txt GPLv3 License
// -------------------------------------------
header("Content-Security-Policy: default-src 'self'; style-src 'self' 'nonce-nRfqpuKWNuYyUAFPTr6WVNZk9' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-src https://www.youtube-nocookie.com; script-src 'self' 'nonce-nRfqpuKWNuYyUAFPTr6WVNZk9' https://jannikb.aquila.uberspace.de/piwik/; img-src 'self' https://jannikb.aquila.uberspace.de/piwik/");
if( $page->isHomePage() ) {
$title = $site->title()->html();