diff options
| author | Thorsten Ortlepp <post@ortlepp.eu> | 2024-12-13 00:34:09 +0100 |
|---|---|---|
| committer | Thorsten Ortlepp <post@ortlepp.eu> | 2024-12-13 00:34:09 +0100 |
| commit | 6e4f34651be7b37938ea2fba38ab81e4a67769ec (patch) | |
| tree | c1bc1b29b9edf90feb1eaf5f1f017186ece6c222 | |
| parent | 5507304cdeedb6a09f71da30002612383918d02f (diff) | |
| download | website-ortleppms-6e4f34651be7b37938ea2fba38ab81e4a67769ec.zip | |
fix broken csp
| -rw-r--r-- | static/.htaccess | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/static/.htaccess b/static/.htaccess index 28b709e..e7cb1dc 100644 --- a/static/.htaccess +++ b/static/.htaccess @@ -3,7 +3,7 @@ Header setifempty X-Frame-Options "DENY" Header setifempty X-XSS-Protection "1; mode=block" Header setifempty Referrer-Policy "strict-origin" - Header setifempty Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src 'self'; form-action 'none'; base-uri 'self'; frame-ancestors 'none'" + Header setifempty Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; img-src 'self'; connect-src 'self'; form-action 'none'; base-uri 'self'; frame-ancestors 'none'" Header setifempty Permissions-Policy "camera=(), microphone=(), geolocation=(), gyroscope=(), magnetometer=(), usb=()" </IfModule> |