From cb474e07d7629f95d180e58d11df440aafdb3d19 Mon Sep 17 00:00:00 2001 From: Christoph Date: Wed, 14 Mar 2018 04:13:28 +0100 Subject: [PATCH] Some minor changes at Content-Security-Policy. --- install_postfixadmin.sh | 2 +- install_roundcube.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/install_postfixadmin.sh b/install_postfixadmin.sh index c6255c4..f0c9940 100755 --- a/install_postfixadmin.sh +++ b/install_postfixadmin.sh @@ -1318,7 +1318,7 @@ cat <> ${APACHE_VHOST_DIR}/${WEBSITE_NAME}.conf 2>> $log_file # - frame-src 'self' https://www.youtube.com # - #Header always set Content-Security-Policy "default-src https: data: 'unsafe-inline' 'unsafe-eval' ; object-src 'none'" - Header always set Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' ; img-src 'self'; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self' ; frame-src 'self'; worker-src ${WEBSITE_NAME}:443 ; form-action 'self'; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests" + Header always set Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' ; img-src 'self'; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self' ; frame-src 'self'; worker-src 'self' ; form-action 'self'; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests" # - Referrer-Policy # - diff --git a/install_roundcube.sh b/install_roundcube.sh index b64b7cc..e384320 100755 --- a/install_roundcube.sh +++ b/install_roundcube.sh 
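Review bot: The rewritten `Header always set Content-Security-Policy` line still carries `script-src 'self' 'unsafe-inline' 'unsafe-eval'`, so the policy gives little protection against injected script even with `default-src 'none'` and the tightened `worker-src 'self'`. It also keeps `object-src 'self'`, whereas the commented-out older policy just above used `object-src 'none'`; unless PostfixAdmin needs to embed plugin content, `object-src 'none';` is the safer value. If the application does require the unsafe keywords, a comment above the header would record that, for example `# 'unsafe-inline'/'unsafe-eval' kept because the application needs inline scripts; revisit when nonces or hashes are usable`. The same applies to the matching line in install_roundcube.sh, and the here-document this line belongs to starts outside the hunk.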
@@ -1327,7 +1327,7 @@ cat <> ${APACHE_VHOST_DIR}/${WEBSITE_NAME}.conf 2>> $log_file # - frame-src 'self' https://www.youtube.com # - #Header always set Content-Security-Policy "default-src https: data: 'unsafe-inline' 'unsafe-eval' ; object-src 'none'" - Header always set Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https: ; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self' ; frame-src 'self'; worker-src ${WEBSITE_NAME}:443 ; form-action 'self'; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests" + Header always set Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https: ; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self' ; frame-src 'self'; worker-src 'self'; form-action 'self'; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests" # - Referrer-Policy # -
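Review bot: This policy line is now a near copy of the one in install_postfixadmin.sh, differing only in `img-src 'self' data: https:` and in spacing (`worker-src 'self';` here, `worker-src 'self' ;` there), and nothing explains the difference. A comment above it would document the wider source list, for example `# img-src allows data: and https: so inline and remote images in mail can be displayed`, assuming that is the reason. Both scripts append to `${APACHE_VHOST_DIR}/${WEBSITE_NAME}.conf`. If they can be run for the same WEBSITE_NAME and the headers land in the same context, the later `Header always set` would replace the earlier one, which is worth confirming. The here-document starts outside the hunk.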