From 1ae30d1d9c849b3e1ef3e75a78bd3aab49f48afd Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Tue, 15 Dec 2015 16:37:10 +0100 Subject: [PATCH] Use setifempty to please incompatible httpd versions Some httpd versions have problem with the old logic leading to resourced served with multiple headers. --- .htaccess | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.htaccess b/.htaccess index bb030c6acc..db1fa99755 100644 --- a/.htaccess +++ b/.htaccess @@ -14,9 +14,12 @@ Header set X-Frame-Options "SAMEORIGIN" SetEnv modHeadersAvailable true - # Add CSP header if not set, used for static resources - Header append Content-Security-Policy "" - Header edit Content-Security-Policy "^$" "default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self'" + + = 2.4.7> + # Add CSP header if not set, used for static resources + Header setifempty Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self'" + + # Add cache control for CSS and JS files