Use setifempty to please incompatible httpd versions
Some httpd versions have problem with the old logic leading to resourced served with multiple headers.
This commit is contained in:
parent
a0345b9465
commit
1ae30d1d9c
1 changed files with 6 additions and 3 deletions
|
@ -14,9 +14,12 @@
|
|||
Header set X-Frame-Options "SAMEORIGIN"
|
||||
SetEnv modHeadersAvailable true
|
||||
|
||||
# Add CSP header if not set, used for static resources
|
||||
Header append Content-Security-Policy ""
|
||||
Header edit Content-Security-Policy "^$" "default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self'"
|
||||
<IfModule mod_version.c>
|
||||
<IfVersion >= 2.4.7>
|
||||
# Add CSP header if not set, used for static resources
|
||||
Header setifempty Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self'"
|
||||
</IfVersion>
|
||||
</IfModule>
|
||||
</IfModule>
|
||||
|
||||
# Add cache control for CSS and JS files
|
||||
|
|
Loading…
Reference in a new issue