Add CSP header to static resources

Fixes https://github.com/owncloud/core/issues/16164
author: Lukas Reschke <lukas@owncloud.com> 2015-12-07 15:47:05 +0100
committer: Lukas Reschke <lukas@owncloud.com> 2015-12-07 15:50:09 +0100
commit: 7b9bc721e998096220019ab462d4ac51f04a667c (patch)
tree: 76d7c66ff8cad74ab8f56bb1afe503e9ca21a300 /.htaccess
parent: 857030d13949e13da8b13797767c2f68b214c5ad (diff)
download: nextcloud-server-7b9bc721e998096220019ab462d4ac51f04a667c.tar.gz
nextcloud-server-7b9bc721e998096220019ab462d4ac51f04a667c.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/.htaccess b/.htaccess
index 4f2a6f35af4..7e8fd902294 100644
--- a/.htaccess
+++ b/.htaccess
@@ -14,6 +14,10 @@
     Header set X-Robots-Tag "none"
     Header set X-Frame-Options "SAMEORIGIN"
     SetEnv modHeadersAvailable true
+
+    # Add CSP header if not set, used for static resources
+    Header append Content-Security-Policy ""
+    Header edit Content-Security-Policy "^$" "default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self'"
   </IfModule>
 
   # Add cache control for CSS and JS files
author	Lukas Reschke <lukas@owncloud.com>	2015-12-07 15:47:05 +0100
committer	Lukas Reschke <lukas@owncloud.com>	2015-12-07 15:50:09 +0100
commit	7b9bc721e998096220019ab462d4ac51f04a667c (patch)
tree	76d7c66ff8cad74ab8f56bb1afe503e9ca21a300 /.htaccess
parent	857030d13949e13da8b13797767c2f68b214c5ad (diff)
download	nextcloud-server-7b9bc721e998096220019ab462d4ac51f04a667c.tar.gz nextcloud-server-7b9bc721e998096220019ab462d4ac51f04a667c.zip