aboutsummaryrefslogtreecommitdiffstats
path: root/.htaccess
diff options
context:
space:
mode:
authormbi <knox@users.noreply.github.com>2015-12-08 21:02:52 +0100
committermbi <knox@users.noreply.github.com>2015-12-08 21:02:52 +0100
commit508c46a112d3d53b4b0668efcbe1403eb2e143b8 (patch)
tree29ef86459abae1dcaadf75203851ab9b39ec43bd /.htaccess
parent27f420e0a797f8a56b5e83e8dd8e19df289c766b (diff)
parent13993c4a6db83c0a637fc7c20da0470acae47208 (diff)
downloadnextcloud-server-508c46a112d3d53b4b0668efcbe1403eb2e143b8.tar.gz
nextcloud-server-508c46a112d3d53b4b0668efcbe1403eb2e143b8.zip
Merge branch 'master' into master
Diffstat (limited to '.htaccess')
-rw-r--r--.htaccess5
1 files changed, 5 insertions, 0 deletions
diff --git a/.htaccess b/.htaccess
index cb2cc9cf7e3..8a24076dcb3 100644
--- a/.htaccess
+++ b/.htaccess
@@ -14,6 +14,10 @@
Header set X-Robots-Tag "none"
Header set X-Frame-Options "SAMEORIGIN"
SetEnv modHeadersAvailable true
+
+ # Add CSP header if not set, used for static resources
+ Header append Content-Security-Policy ""
+ Header edit Content-Security-Policy "^$" "default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self'"
</IfModule>
# Add cache control for CSS and JS files
@@ -53,6 +57,7 @@
RewriteRule ^core/js/oc.js$ index.php/core/js/oc.js [PT,E=PATH_INFO:$1]
RewriteRule ^core/preview.png$ index.php/core/preview.png [PT,E=PATH_INFO:$1]
RewriteCond %{REQUEST_FILENAME} !\.(css|js|svg|gif|png|html|ttf|woff)$
+ RewriteCond %{REQUEST_FILENAME} !core/img/favicon.ico$
RewriteCond %{REQUEST_FILENAME} !/remote.php
RewriteCond %{REQUEST_FILENAME} !/public.php
RewriteCond %{REQUEST_FILENAME} !/cron.php