Add CSP header to static resources

Fixes https://github.com/owncloud/core/issues/16164
This commit is contained in:
Lukas Reschke 2015-12-07 15:47:05 +01:00
parent 857030d139
commit 7b9bc721e9
1 changed files with 4 additions and 0 deletions

View File

@ -14,6 +14,10 @@
Header set X-Robots-Tag "none" Header set X-Robots-Tag "none"
Header set X-Frame-Options "SAMEORIGIN" Header set X-Frame-Options "SAMEORIGIN"
SetEnv modHeadersAvailable true SetEnv modHeadersAvailable true
# Add CSP header if not set, used for static resources
Header append Content-Security-Policy ""
Header edit Content-Security-Policy "^$" "default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self'"
</IfModule> </IfModule>
# Add cache control for CSS and JS files # Add cache control for CSS and JS files