aboutsummaryrefslogtreecommitdiffstats
path: root/.htaccess
diff options
context:
space:
mode:
authorLukas Reschke <lukas@owncloud.com>2015-12-15 16:37:10 +0100
committerMorris Jobke <hey@morrisjobke.de>2016-01-08 11:08:37 +0100
commit1ae30d1d9c849b3e1ef3e75a78bd3aab49f48afd (patch)
tree7564e13566591f7772bfc365405ad41a15605c6a /.htaccess
parenta0345b94650f9ded7b86d53b27624557868747e4 (diff)
downloadnextcloud-server-1ae30d1d9c849b3e1ef3e75a78bd3aab49f48afd.tar.gz
nextcloud-server-1ae30d1d9c849b3e1ef3e75a78bd3aab49f48afd.zip
Use setifempty to please incompatible httpd versions
Some httpd versions have problem with the old logic leading to resourced served with multiple headers.
Diffstat (limited to '.htaccess')
-rw-r--r--.htaccess9
1 files changed, 6 insertions, 3 deletions
diff --git a/.htaccess b/.htaccess
index bb030c6acca..db1fa997555 100644
--- a/.htaccess
+++ b/.htaccess
@@ -14,9 +14,12 @@
Header set X-Frame-Options "SAMEORIGIN"
SetEnv modHeadersAvailable true
- # Add CSP header if not set, used for static resources
- Header append Content-Security-Policy ""
- Header edit Content-Security-Policy "^$" "default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self'"
+ <IfModule mod_version.c>
+ <IfVersion >= 2.4.7>
+ # Add CSP header if not set, used for static resources
+ Header setifempty Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self'"
+ </IfVersion>
+ </IfModule>
</IfModule>
# Add cache control for CSS and JS files