From a14b87baf25e8a4747318efa7a7b52ad04966af7 Mon Sep 17 00:00:00 2001
From: redmatrix
Date: Mon, 8 Feb 2016 14:48:11 -0800
Subject: make yet another recommended security header optional - this time because of piwik. Personally I think if you want to track people you really don't understand this project and its history, but whatever....
---
 boot.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'boot.php')
diff --git a/boot.php b/boot.php
index 1f214c400..ce26f3a09 100755
--- a/boot.php
+++ b/boot.php
@@ -2167,7 +2167,8 @@ function construct_page(&$a) {
 if($a->get_scheme() === 'https' && $a->config['system']['transport_security_header'])
 header("Strict-Transport-Security: max-age=31536000");
- header("Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'");
+ if($a->config['system']['content_security_policy'])
+ header("Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'");
 if($a->config['system']['x_security_headers']) {
 header("X-Frame-Options: SAMEORIGIN");
-- 
cgit v1.2.3
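Review bot: The new guard `if($a->config['system']['content_security_policy'])` is falsy when the key is unset, so the Content-Security-Policy header changes from always sent to off unless an admin opts in. Unless a default is assigned somewhere outside this hunk, existing sites would lose the header on upgrade without any notice, and the unset index will also raise a PHP notice. The header should stay on by default and be dropped only on an explicit opt-out, for example `$csp = isset($a->config['system']['content_security_policy']) ? $a->config['system']['content_security_policy'] : 1;` followed by `if($csp)`. A short comment above the check, such as `// CSP is sent unless system.content_security_policy is explicitly set to 0`, plus an entry in the admin documentation would let operators see what they are giving up. construct_page() begins and ends outside the hunk.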