From 56e0bfa4ec55309f891d442f788c2ab927897b69 Mon Sep 17 00:00:00 2001
From: Tiste
Date: Fri, 13 Jan 2017 00:16:05 +0100
Subject: [PATCH] Add CSP to ISPC interface Apache vhost tpl * as of [H5BP server config](https://github.com/h5bp/server-configs-apache) * more about [CSP](https://content-security-policy.com/)
---
install/tpl/apache_ispconfig.vhost.master | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/install/tpl/apache_ispconfig.vhost.master b/install/tpl/apache_ispconfig.vhost.master
index 2a2fa5d2db..deddd0be55 100644
--- a/install/tpl/apache_ispconfig.vhost.master
+++ b/install/tpl/apache_ispconfig.vhost.master
@@ -91,6 +91,15 @@ Header always add Strict-Transport-Security "max-age=15768000" RequestHeader unset Proxy early + + + Header set Content-Security-Policy "default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' data:; font-src 'self' data:" + + + Header unset Content-Security-Policy + + + SSLUseStapling On -- GitLab
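Review bot: The added `script-src 'self' 'unsafe-inline' 'unsafe-eval'` still permits injected inline script and eval-based execution, so the policy limits where resources load from but gives little protection against XSS in the interface itself. If the interface currently depends on inline script (not visible from this hunk), record that in the template with a comment such as `# 'unsafe-inline' and 'unsafe-eval' are required by the current interface scripts; drop them once inline script is removed`. The policy is sent with `Header set`, while the Strict-Transport-Security context line uses `Header always`, so locally generated error responses would likely go out without it; `Header always set Content-Security-Policy ...` with a matching `Header always unset Content-Security-Policy` keeps the two consistent. `default-src` does not cover `frame-ancestors`, so the policy needs `frame-ancestors 'self'` added if it is meant to restrict framing of the interface. The container directives around the added lines are not visible in this rendering of the hunk.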