Format Content-Security-Policy header directives #359
dcog989 authored Mar 12, 2024
1 parent c616cf5 commit aafee21
Showing 1 changed file with 9 additions and 2 deletions.
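--- a/h5bp/security/content-security-policy.conf
+++ b/h5bp/security/content-security-policy.conf
@@ -82,6 +82,13 @@
 # https://content-security-policy.com/
 
 <IfModule mod_headers.c>
-# (1) (2) (3) (4) (5) (6) (7)
-Header always set Content-Security-Policy "default-src 'self'; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; object-src 'none'; upgrade-insecure-requests" "expr=%{CONTENT_TYPE} =~ m#text\/(html|javascript)|application\/pdf|xml#i"
+Header always set Content-Security-Policy "
+# (1) (2) (3) (4) (5) (6) (7)
+default-src 'self';
+base-uri 'none';
+form-action 'self';
+frame-ancestors 'none';
+object-src 'none';
+upgrade-insecure-requests;"
+"expr=%{CONTENT_TYPE} =~ m#text\/(html|javascript)|application\/pdf|xml#i"
 </IfModule>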
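Review bot: The reformatted `Header always set Content-Security-Policy "` value, as rendered here, breaks across physical lines with no trailing `\` and has the `# (1) (2) …` marker line inside the quoted string. Apache ends a directive at the newline unless the line ends in a backslash, so either the continuations were lost in this rendering or the file will not parse. If the lines are continued, the `#` line stops being a comment and becomes part of the header value. Because no `;` separates it from `default-src 'self'`, a browser would probably read that first directive as an unknown one named `#` and drop `default-src`. I would move the marker comment back above the `Header` line and end each continued line with ` \`, for example `default-src 'self'; \`. Then run `apachectl configtest` and check that the response header is a single line starting with `default-src 'self'`.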
