aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMax Kostikov <max@kostikov.co>2021-05-19 23:30:39 +0000
committerMax Kostikov <max@kostikov.co>2021-05-19 23:30:39 +0000
commit98985b276177616b7bec5813bf674f5ed9ff529f (patch)
treee197f42940ca5c90d488d29125ab087fd800b1af
parent8fe00d428d830fd4cf84473c0f441bf73f646eab (diff)
parent02229482b8574ce4defc9c29c5c01a4816c53b25 (diff)
downloadvolse-hubzilla-98985b276177616b7bec5813bf674f5ed9ff529f.tar.gz
volse-hubzilla-98985b276177616b7bec5813bf674f5ed9ff529f.tar.bz2
volse-hubzilla-98985b276177616b7bec5813bf674f5ed9ff529f.zip
Merge branch 'dev' into 'dev'
Fix security headers switching See merge request hubzilla/core!1953
-rw-r--r--boot.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/boot.php b/boot.php
index c057f8278..622784e9c 100644
--- a/boot.php
+++ b/boot.php
@@ -2420,10 +2420,10 @@ function construct_page() {
// security headers - see https://securityheaders.io
- if(App::get_scheme() === 'https' && App::$config['system']['transport_security_header'])
+ if(App::get_scheme() === 'https' && isset(App::$config['system']['transport_security_header']) && intval(App::$config['system']['transport_security_header']) == 1)
header("Strict-Transport-Security: max-age=31536000");
- if(isset(App::$config['system']['content_security_policy'])) {
+ if(isset(App::$config['system']['content_security_policy']) && intval(App::$config['system']['content_security_policy']) == 1) {
$cspsettings = [
'script-src' => [ "'self'", "'unsafe-inline'", "'unsafe-eval'" ],
'style-src' => [ "'self'", "'unsafe-inline'" ],