Commit 49d521e9 authored by Till Brehm's avatar Till Brehm
Browse files

Fixed #5341 CSS Styles do not load in ISPConfig UI when no SSL is used

parent cc8a3e8a
...@@ -89,11 +89,11 @@ NameVirtualHost *:<tmpl_var name="vhost_port"> ...@@ -89,11 +89,11 @@ NameVirtualHost *:<tmpl_var name="vhost_port">
<IfModule mod_headers.c> <IfModule mod_headers.c>
# ISPConfig 3.1 currently requires unsafe-line for both scripts and styles, as well as unsafe-eval # ISPConfig 3.1 currently requires unsafe-line for both scripts and styles, as well as unsafe-eval
Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests" <tmpl_var name="ssl_comment">Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests"
Header set X-Content-Type-Options: nosniff Header set X-Content-Type-Options: nosniff
Header set X-Frame-Options: SAMEORIGIN Header set X-Frame-Options: SAMEORIGIN
Header set X-XSS-Protection: "1; mode=block" Header set X-XSS-Protection: "1; mode=block"
Header always edit Set-Cookie (.*) "$1; HTTPOnly; Secure" <tmpl_var name="ssl_comment">Header always edit Set-Cookie (.*) "$1; HTTPOnly; Secure"
<IfVersion >= 2.4.7> <IfVersion >= 2.4.7>
Header setifempty Strict-Transport-Security "max-age=15768000" Header setifempty Strict-Transport-Security "max-age=15768000"
</IfVersion> </IfVersion>
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment