mirror/opensourcepos
1
0
Fork 0
mirror of https://github.com/opensourcepos/opensourcepos.git synced 2026-02-24 02:46:56 -05:00
Code Issues Packages Projects Releases Wiki Activity

Fix CSP, it needs to be one line + ReCaptcha

Browse Source
This commit is contained in:
FrancescoUK
2021-10-06 18:39:02 +01:00
committed by GitHub
parent ee5e06cd0c
commit e36a74ded2
1 changed files with 1 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
public/.htaccess
View File

@@ -26,11 +26,7 @@ Options +ExecCGI +Includes +IncludesNOEXEC +SymLinksIfOwnerMatch -Indexes
<IfModule mod_headers.c>
Header always set X-Frame-Options "SAMEORIGIN"
Header add Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval'"
Header add Content-Security-Policy "style-src 'self' 'unsafe-inline' fonts.googleapis.com"
Header add Content-Security-Policy "font-src 'self' fonts.googleapis.com fonts.gstatic.com"
Header add Content-Security-Policy "object-src 'none'"
Header add Content-Security-Policy "form-action 'self'"
Header add Content-Security-Policy "default-src 'self' www.google.com; connect-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com; img-src 'self' data:; object-src 'none'; form-action 'self'"
Header set X-Content-Type-Options "nosniff"
Header set X-XSS-Protection "1; mode=block"
Header set X-Frame-Options "DENY"