Commit 8bc44c00 authored by Omniscimus's avatar Omniscimus
Browse files

Change the CSP header

parent 3ed3cf39
......@@ -42,8 +42,8 @@ apache::vhost { $project_name:
'set X-XSS-Protection "1; mode=block"',
'set X-Frame-Options "DENY"',
'set Strict-Transport-Security "max-age=31536000"',
# The media-src directive is required for recording audio.
'set Content-Security-Policy "default-src \'self\'; object-src \'none\'; media-src blob: \'self\'"',
# media-src blob: is required for recording audio.
'set Content-Security-Policy "default-src \'self\'; img-src \'self\' https://www.google-analytics.com; media-src blob: https://*.amazonaws.com; script-src \'self\' \'unsafe-eval\' https://www.google-analytics.com/analytics.js"'
],
rewrites => [
{
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment