diff options
author | Max Kostikov <max@kostikov.co> | 2021-05-17 22:30:47 +0200 |
---|---|---|
committer | Max Kostikov <max@kostikov.co> | 2021-05-17 22:30:47 +0200 |
commit | 02229482b8574ce4defc9c29c5c01a4816c53b25 (patch) | |
tree | c0a4b0f7053436f3772637028f52ba8455a3e171 | |
parent | 9a5c1aa02f49d695e59ae771765d4e0f8744577a (diff) | |
download | volse-hubzilla-02229482b8574ce4defc9c29c5c01a4816c53b25.tar.gz volse-hubzilla-02229482b8574ce4defc9c29c5c01a4816c53b25.tar.bz2 volse-hubzilla-02229482b8574ce4defc9c29c5c01a4816c53b25.zip |
Fix security headers switching
-rw-r--r-- | boot.php | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -2420,10 +2420,10 @@ function construct_page() { // security headers - see https://securityheaders.io - if(App::get_scheme() === 'https' && App::$config['system']['transport_security_header']) + if(App::get_scheme() === 'https' && isset(App::$config['system']['transport_security_header']) && intval(App::$config['system']['transport_security_header']) == 1) header("Strict-Transport-Security: max-age=31536000"); - if(isset(App::$config['system']['content_security_policy'])) { + if(isset(App::$config['system']['content_security_policy']) && intval(App::$config['system']['content_security_policy']) == 1) { $cspsettings = [ 'script-src' => [ "'self'", "'unsafe-inline'", "'unsafe-eval'" ], 'style-src' => [ "'self'", "'unsafe-inline'" ], |