jannik/web-jbeyerstedt
1
0
Fork 0
Code Releases Activity

[SITE] new CSP without 'unsafe-inline'

Browse source
This commit is contained in:
Jannik Beyerstedt 2016-10-15 20:10:34 +02:00
parent 404e6f8d79
commit 30e00e09ad
3 changed files with 5 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

2
site/config/config.php
View file

@ -1,5 +1,5 @@
<?php
header("Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-src https://*.youtube-nocookie.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://jannikb.aquila.uberspace.de/piwik/; img-src 'self' https://jannikb.aquila.uberspace.de/piwik/");
header("Content-Security-Policy: default-src 'self'; style-src 'self' 'nonce-nRfqpuKWNuYyUAFPTr6WVNZk9' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-src https://www.youtube-nocookie.com; script-src 'self' 'nonce-nRfqpuKWNuYyUAFPTr6WVNZk9' https://jannikb.aquila.uberspace.de/piwik/; img-src 'self' https://jannikb.aquila.uberspace.de/piwik/");
//header("X-Content-Type-Options: nosniff"); // enabled at server-side
//header("X-Frame-Options: deny"); // enabled at server-side
//header("X-Xss-Protection: 1; mode=block"); // enabled at server-side