Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
Helmo
ISPConfig 3
Commits
74a297a2
Commit
74a297a2
authored
Oct 12, 2018
by
Till Brehm
Browse files
Merge branch 'patch-3' into 'stable-3.1'
Add Content-Security-Policy header and friends. See merge request
!824
parents
06cf8f6e
b5dd05ad
Changes
1
Hide whitespace changes
Inline
Side-by-side
install/tpl/apache_ispconfig.vhost.master
View file @
74a297a2
...
...
@@ -88,8 +88,14 @@ NameVirtualHost *:<tmpl_var name="vhost_port">
</tmpl_if>
<IfModule mod_headers.c>
Header setifempty add Strict-Transport-Security "max-age=15768000"
RequestHeader unset Proxy early
# ISPConfig 3.1 currently requires unsafe-line for both scripts and styles, as well as unsafe-eval
Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests"
Header set X-Content-Type-Options: nosniff
Header set X-Frame-Options: SAMEORIGIN
Header set X-XSS-Protection: "1; mode=block"
Header always edit Set-Cookie (.*) "$1; HTTPOnly; Secure"
Header setifempty Strict-Transport-Security "max-age=15768000"
RequestHeader unset Proxy early
</IfModule>
<tmpl_if name='apache_version' op='>=' value='2.3.3' format='version'>
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment