Diffstat (limited to '.htaccess')
-rw-r--r-- | .htaccess | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/.htaccess b/.htaccess
index cb2cc9cf7e3..8a24076dcb3 100644
--- a/.htaccess
+++ b/.htaccess
@@ -14,6 +14,10 @@
 Header set X-Robots-Tag "none"
 Header set X-Frame-Options "SAMEORIGIN"
 SetEnv modHeadersAvailable true
+
+ # Add CSP header if not set, used for static resources
+ Header append Content-Security-Policy ""
+ Header edit Content-Security-Policy "^$" "default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self'"
 </IfModule>
 # Add cache control for CSS and JS files
@@ -53,6 +57,7 @@
 RewriteRule ^core/js/oc.js$ index.php/core/js/oc.js [PT,E=PATH_INFO:$1]
 RewriteRule ^core/preview.png$ index.php/core/preview.png [PT,E=PATH_INFO:$1]
 RewriteCond %{REQUEST_FILENAME} !\.(css|js|svg|gif|png|html|ttf|woff)$
+ RewriteCond %{REQUEST_FILENAME} !core/img/favicon.ico$
 RewriteCond %{REQUEST_FILENAME} !/remote.php
 RewriteCond %{REQUEST_FILENAME} !/public.php
 RewriteCond %{REQUEST_FILENAME} !/cron.php
|
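Review bot: The `Header append Content-Security-Policy ""` line runs for every response, not only those lacking the header, so a response that already carries a policy (for instance one emitted by the PHP side) would presumably come out with an empty value merged on after a comma; it is worth confirming how the supported browsers treat that trailing empty policy. Where Apache 2.4.7 or later can be assumed, `Header setifempty Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self'"` expresses the same intent in one directive and leaves existing headers untouched. Neither added directive uses the `always` condition, so as far as mod_headers documents it, server-generated error responses would not receive the policy. A short comment saying why `'unsafe-inline'` is needed in `style-src` for static resources would help the next reviewer judge whether it can be dropped later. The enclosing `<IfModule>` opens outside the hunk.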
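Review bot: The added condition `!core/img/favicon.ico$` in the second hunk is looser than it reads: the dots are unescaped regex wildcards and there is no leading `/`, so any filename that merely ends in something shaped like that path is also excluded from the rewrite. `RewriteCond %{REQUEST_FILENAME} !/core/img/favicon\.ico$` would pin the exception to the one file. The neighbouring `!/remote.php`-style conditions share the unescaped dot, and the RewriteRule these conditions guard lies outside the hunk.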