diff options
| author | Max Kostikov <max@kostikov.co> | 2021-05-19 23:30:39 +0000 |
|---|---|---|
| committer | Max Kostikov <max@kostikov.co> | 2021-05-19 23:30:39 +0000 |
| commit | 98985b276177616b7bec5813bf674f5ed9ff529f (patch) | |
| tree | e197f42940ca5c90d488d29125ab087fd800b1af | |
| parent | 8fe00d428d830fd4cf84473c0f441bf73f646eab (diff) | |
| parent | 02229482b8574ce4defc9c29c5c01a4816c53b25 (diff) | |
| download | volse-hubzilla-98985b276177616b7bec5813bf674f5ed9ff529f.tar.gz volse-hubzilla-98985b276177616b7bec5813bf674f5ed9ff529f.tar.bz2 volse-hubzilla-98985b276177616b7bec5813bf674f5ed9ff529f.zip | |
Merge branch 'dev' into 'dev'
Fix security headers switching
See merge request hubzilla/core!1953
| -rw-r--r-- | boot.php | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -2420,10 +2420,10 @@ function construct_page() { // security headers - see https://securityheaders.io - if(App::get_scheme() === 'https' && App::$config['system']['transport_security_header']) + if(App::get_scheme() === 'https' && isset(App::$config['system']['transport_security_header']) && intval(App::$config['system']['transport_security_header']) == 1) header("Strict-Transport-Security: max-age=31536000"); - if(isset(App::$config['system']['content_security_policy'])) { + if(isset(App::$config['system']['content_security_policy']) && intval(App::$config['system']['content_security_policy']) == 1) { $cspsettings = [ 'script-src' => [ "'self'", "'unsafe-inline'", "'unsafe-eval'" ], 'style-src' => [ "'self'", "'unsafe-inline'" ], |