From 02229482b8574ce4defc9c29c5c01a4816c53b25 Mon Sep 17 00:00:00 2001
From: Max Kostikov
Date: Mon, 17 May 2021 22:30:47 +0200
Subject: Fix security headers switching
---
 boot.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'boot.php')
diff --git a/boot.php b/boot.php
index c057f8278..622784e9c 100644
--- a/boot.php
+++ b/boot.php
@@ -2420,10 +2420,10 @@ function construct_page() {
 // security headers - see https://securityheaders.io
- if(App::get_scheme() === 'https' && App::$config['system']['transport_security_header'])
+ if(App::get_scheme() === 'https' && isset(App::$config['system']['transport_security_header']) && intval(App::$config['system']['transport_security_header']) == 1)
 header("Strict-Transport-Security: max-age=31536000");
- if(isset(App::$config['system']['content_security_policy'])) {
+ if(isset(App::$config['system']['content_security_policy']) && intval(App::$config['system']['content_security_policy']) == 1) {
 $cspsettings = [
 'script-src' => [ "'self'", "'unsafe-inline'", "'unsafe-eval'" ],
 'style-src' => [ "'self'", "'unsafe-inline'" ],
--
cgit v1.2.3
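Review bot: Both new conditions send the header only when `intval(...) == 1`, so a setting stored as `'true'`, `'on'` or `2` leaves HSTS and the CSP switched off with no log line or warning, which for a security header is a quiet fail-open. Whether such spellings can reach `App::$config` is not visible in this hunk; if they can, testing the value with `filter_var(App::$config['system']['transport_security_header'], FILTER_VALIDATE_BOOLEAN)` after the `isset()` would accept them while still treating `0` and unset as off. Otherwise a comment above the block such as `// only the value 1 enables each header; anything else disables it` would make the contract explicit. The same `isset(...) && intval(...) == 1` expression is written out twice, so a small helper would keep the two switches from drifting apart. `construct_page()` starts and ends outside the hunk.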