Fix allowed form-action in content security policy
The 'self' form action is needed for uploading CSV files, so that they can be validated. phpcs-errors:253 phpunit-status:successful
This commit is contained in:
parent
1bccab2da2
commit
8a64ae740b
@ -29,6 +29,6 @@ DirectoryIndex index.php
|
||||
AddDefaultCharset UTF-8
|
||||
|
||||
# Set content and feature security headers
|
||||
Header set Content-Security-Policy "default-src 'self'; connect-src 'self'; script-src 'self' https://*.jrenslin.de; img-src 'self' https:; media-src 'self' https:; style-src 'self' 'unsafe-inline'; font-src 'self'; frame-src 'none'; frame-ancestors 'none'; object-src 'none'; base-uri 'self'; form-action https://nat.museum-digital.de;"
|
||||
Header set Content-Security-Policy "default-src 'self'; connect-src 'self'; script-src 'self' https://*.jrenslin.de; img-src 'self' https:; media-src 'self' https:; style-src 'self' 'unsafe-inline'; font-src 'self'; frame-src 'none'; frame-ancestors 'none'; object-src 'none'; base-uri 'self'; form-action 'self';"
|
||||
Header set Feature-Policy "midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'self'; gyroscope 'self'; speaker *; payment 'none'; fullscreen 'self'; geolocation 'none';"
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user