Merge pull request #20998 from owncloud/add-csp-header-to-static-resources

Add CSP header to static resources
author: Thomas Müller <thomas.mueller@tmit.eu> 2015-12-07 16:23:38 +0100
committer: Thomas Müller <thomas.mueller@tmit.eu> 2015-12-07 16:23:38 +0100
commit: 3c0b5840937963ef205f46228cca152712ce935e (patch)
tree: 963b6674fef870f06b13f549488af3e4d4b1e1c2
parent: 663f31b127f52149b4556294e209cfcc7c1688a4 (diff)
parent: 7b9bc721e998096220019ab462d4ac51f04a667c (diff)
download: nextcloud-server-3c0b5840937963ef205f46228cca152712ce935e.tar.gz
nextcloud-server-3c0b5840937963ef205f46228cca152712ce935e.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/.htaccess b/.htaccess
index 4f2a6f35af4..7e8fd902294 100644
--- a/.htaccess
+++ b/.htaccess
@@ -14,6 +14,10 @@
     Header set X-Robots-Tag "none"
     Header set X-Frame-Options "SAMEORIGIN"
     SetEnv modHeadersAvailable true
+
+    # Add CSP header if not set, used for static resources
+    Header append Content-Security-Policy ""
+    Header edit Content-Security-Policy "^$" "default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self'"
   </IfModule>
 
   # Add cache control for CSS and JS files
author	Thomas Müller <thomas.mueller@tmit.eu>	2015-12-07 16:23:38 +0100
committer	Thomas Müller <thomas.mueller@tmit.eu>	2015-12-07 16:23:38 +0100
commit	3c0b5840937963ef205f46228cca152712ce935e (patch)
tree	963b6674fef870f06b13f549488af3e4d4b1e1c2
parent	663f31b127f52149b4556294e209cfcc7c1688a4 (diff)
parent	7b9bc721e998096220019ab462d4ac51f04a667c (diff)
download	nextcloud-server-3c0b5840937963ef205f46228cca152712ce935e.tar.gz nextcloud-server-3c0b5840937963ef205f46228cca152712ce935e.zip