From 49d521e9147ca3e54ed79c6e7991224eef8b810f Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Fri, 12 Jul 2019 17:48:41 +0200
Subject: [PATCH] Fixed #5341 CSS Styles do not load in ISPConfig UI when no
 SSL is used

---
 install/tpl/apache_ispconfig.vhost.master | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/install/tpl/apache_ispconfig.vhost.master b/install/tpl/apache_ispconfig.vhost.master
index 55135299f1..d8c56de22d 100644
--- a/install/tpl/apache_ispconfig.vhost.master
+++ b/install/tpl/apache_ispconfig.vhost.master
@@ -89,11 +89,11 @@ NameVirtualHost *:<tmpl_var name="vhost_port">
 
   <IfModule mod_headers.c>
     # ISPConfig 3.1 currently requires unsafe-line for both scripts and styles, as well as unsafe-eval
-    Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests"
+    <tmpl_var name="ssl_comment">Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests"
     Header set X-Content-Type-Options: nosniff
     Header set X-Frame-Options: SAMEORIGIN
     Header set X-XSS-Protection: "1; mode=block"
-    Header always edit Set-Cookie (.*) "$1; HTTPOnly; Secure"
+    <tmpl_var name="ssl_comment">Header always edit Set-Cookie (.*) "$1; HTTPOnly; Secure"
     <IfVersion >= 2.4.7>
         Header setifempty Strict-Transport-Security "max-age=15768000"
     </IfVersion>
-- 
GitLab