Revert moving the CSP header to html-head snippet, because of caching issues

2016-10-15 20:50:49 +02:00 · 2016-10-15 20:50:49 +02:00 · 57f811dbe9
commit 57f811dbe9
parent 457de4a9dd
3 changed files with 1 additions and 4 deletions
--- a/site/config/config.php
+++ b/site/config/config.php
@ -1,4 +1,5 @@
 <?php
+header("Content-Security-Policy: default-src 'self'; style-src 'self' 'nonce-nRfqpuKWNuYyUAFPTr6WVNZk9' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-src https://www.youtube-nocookie.com; script-src 'self' 'unsafe-eval' 'nonce-nRfqpuKWNuYyUAFPTr6WVNZk9' https://jannikb.aquila.uberspace.de/piwik/; img-src 'self' https://jannikb.aquila.uberspace.de/piwik/");
 //header("X-Content-Type-Options: nosniff");  // enabled at server-side
 //header("X-Frame-Options: deny");            // enabled at server-side
 //header("X-Xss-Protection: 1; mode=block");  // enabled at server-side