make yet another recommended security header optional - this time because of piwik. Personally I think if you want to track people you really don't understand this project and its history, but whatever....

author: redmatrix <git@macgirvin.com> 2016-02-08 14:48:11 -0800
committer: redmatrix <git@macgirvin.com> 2016-02-08 14:48:11 -0800
commit: a14b87baf25e8a4747318efa7a7b52ad04966af7 (patch)
tree: fd34586e4d1a913a7807b436020d633e061557d4 /boot.php
parent: 90fd23e0cd1fe3b6d3471411f650b9b276473c68 (diff)
download: volse-hubzilla-a14b87baf25e8a4747318efa7a7b52ad04966af7.tar.gz
volse-hubzilla-a14b87baf25e8a4747318efa7a7b52ad04966af7.tar.bz2
volse-hubzilla-a14b87baf25e8a4747318efa7a7b52ad04966af7.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/boot.php b/boot.php
index 1f214c400..ce26f3a09 100755
--- a/boot.php
+++ b/boot.php
@@ -2167,7 +2167,8 @@ function construct_page(&$a) {
 	if($a->get_scheme() === 'https' && $a->config['system']['transport_security_header'])
 		header("Strict-Transport-Security: max-age=31536000");
 
-	header("Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'");
+	if($a->config['system']['content_security_policy'])
+		header("Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'");
 
 	if($a->config['system']['x_security_headers']) {
 		header("X-Frame-Options: SAMEORIGIN");
author	redmatrix <git@macgirvin.com>	2016-02-08 14:48:11 -0800
committer	redmatrix <git@macgirvin.com>	2016-02-08 14:48:11 -0800
commit	a14b87baf25e8a4747318efa7a7b52ad04966af7 (patch)
tree	fd34586e4d1a913a7807b436020d633e061557d4 /boot.php
parent	90fd23e0cd1fe3b6d3471411f650b9b276473c68 (diff)
download	volse-hubzilla-a14b87baf25e8a4747318efa7a7b52ad04966af7.tar.gz volse-hubzilla-a14b87baf25e8a4747318efa7a7b52ad04966af7.tar.bz2 volse-hubzilla-a14b87baf25e8a4747318efa7a7b52ad04966af7.zip