From 7b9bc721e998096220019ab462d4ac51f04a667c Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Mon, 7 Dec 2015 15:47:05 +0100 Subject: Add CSP header to static resources Fixes https://github.com/owncloud/core/issues/16164 --- .htaccess | 4 ++++ 1 file changed, 4 insertions(+) (limited to '.htaccess') diff --git a/.htaccess b/.htaccess index 4f2a6f35af4..7e8fd902294 100644 --- a/.htaccess +++ b/.htaccess @@ -14,6 +14,10 @@ Header set X-Robots-Tag "none" Header set X-Frame-Options "SAMEORIGIN" SetEnv modHeadersAvailable true + + # Add CSP header if not set, used for static resources + Header append Content-Security-Policy "" + Header edit Content-Security-Policy "^$" "default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self'" # Add cache control for CSS and JS files -- cgit v1.2.3