Commit 85595661 authored by Hugo Hörnquist's avatar Hugo Hörnquist
Browse files

Allow unsafe-eval.

parent b4b6f137
......@@ -41,7 +41,8 @@
Header always set Strict-Transport-Security max-age=31536000
# Note that 'unsafe-inline' is required by MediaWiki due to inline scripts and styles.
Header always set Content-Security-Policy: "default-src 'self' 'unsafe-inline'; img-src https: data:; upgrade-insecure-requests"
# same goes for 'unsafe-eval' -- hugo
Header always set Content-Security-Policy: "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src https: data:; upgrade-insecure-requests"
Header always set X-XSS-Protection "1; mode=block"
Header always set X-Frame-Options DENY
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment