aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMax Kostikov <max@kostikov.co>2021-05-17 22:30:47 +0200
committerMax Kostikov <max@kostikov.co>2021-05-17 22:30:47 +0200
commit02229482b8574ce4defc9c29c5c01a4816c53b25 (patch)
treec0a4b0f7053436f3772637028f52ba8455a3e171
parent9a5c1aa02f49d695e59ae771765d4e0f8744577a (diff)
downloadvolse-hubzilla-02229482b8574ce4defc9c29c5c01a4816c53b25.tar.gz
volse-hubzilla-02229482b8574ce4defc9c29c5c01a4816c53b25.tar.bz2
volse-hubzilla-02229482b8574ce4defc9c29c5c01a4816c53b25.zip
Fix security headers switching
-rw-r--r--boot.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/boot.php b/boot.php
index c057f8278..622784e9c 100644
--- a/boot.php
+++ b/boot.php
@@ -2420,10 +2420,10 @@ function construct_page() {
// security headers - see https://securityheaders.io
- if(App::get_scheme() === 'https' && App::$config['system']['transport_security_header'])
+ if(App::get_scheme() === 'https' && isset(App::$config['system']['transport_security_header']) && intval(App::$config['system']['transport_security_header']) == 1)
header("Strict-Transport-Security: max-age=31536000");
- if(isset(App::$config['system']['content_security_policy'])) {
+ if(isset(App::$config['system']['content_security_policy']) && intval(App::$config['system']['content_security_policy']) == 1) {
$cspsettings = [
'script-src' => [ "'self'", "'unsafe-inline'", "'unsafe-eval'" ],
'style-src' => [ "'self'", "'unsafe-inline'" ],