install/mailsystem
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Some minor changes at Content-Security-Policy.

Browse Source
This commit is contained in:
Christoph 2018-03-14 04:13:28 +01:00
parent 5393dab11c
commit cb474e07d7
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
install_postfixadmin.sh
View File

@ -1318,7 +1318,7 @@ cat <<EOF >> ${APACHE_VHOST_DIR}/${WEBSITE_NAME}.conf 2>> $log_file
# - frame-src 'self' https://www.youtube.com
# -
#Header always set Content-Security-Policy "default-src https: data: 'unsafe-inline' 'unsafe-eval' ; object-src 'none'"
Header always set Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' ; img-src 'self'; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self' ; frame-src 'self'; worker-src ${WEBSITE_NAME}:443 ; form-action 'self'; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests"
Header always set Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' ; img-src 'self'; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self' ; frame-src 'self'; worker-src 'self' ; form-action 'self'; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests"
# - Referrer-Policy
# -

2
install_roundcube.sh
View File

@ -1327,7 +1327,7 @@ cat <<EOF >> ${APACHE_VHOST_DIR}/${WEBSITE_NAME}.conf 2>> $log_file
# - frame-src 'self' https://www.youtube.com
# -
#Header always set Content-Security-Policy "default-src https: data: 'unsafe-inline' 'unsafe-eval' ; object-src 'none'"
Header always set Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https: ; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self' ; frame-src 'self'; worker-src ${WEBSITE_NAME}:443 ; form-action 'self'; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests"
Header always set Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https: ; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self' ; frame-src 'self'; worker-src 'self'; form-action 'self'; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests"
# - Referrer-Policy
# -