From 02229482b8574ce4defc9c29c5c01a4816c53b25 Mon Sep 17 00:00:00 2001 From: Max Kostikov Date: Mon, 17 May 2021 22:30:47 +0200 Subject: Fix security headers switching --- boot.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/boot.php b/boot.php index c057f8278..622784e9c 100644 --- a/boot.php +++ b/boot.php @@ -2420,10 +2420,10 @@ function construct_page() { // security headers - see https://securityheaders.io - if(App::get_scheme() === 'https' && App::$config['system']['transport_security_header']) + if(App::get_scheme() === 'https' && isset(App::$config['system']['transport_security_header']) && intval(App::$config['system']['transport_security_header']) == 1) header("Strict-Transport-Security: max-age=31536000"); - if(isset(App::$config['system']['content_security_policy'])) { + if(isset(App::$config['system']['content_security_policy']) && intval(App::$config['system']['content_security_policy']) == 1) { $cspsettings = [ 'script-src' => [ "'self'", "'unsafe-inline'", "'unsafe-eval'" ], 'style-src' => [ "'self'", "'unsafe-inline'" ], -- cgit v1.2.3