@@ -32,7 +32,7 @@ Header always set X-Content-Type-Options "nosniff"
3232 FileETag None
3333 # Explicit HSTS for redundancy
3434 Header always set Strict-Transport-Security "max-age=631138519"
35- Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; report-uri /dashboard/csp_report; report-to csp-endpoint"
35+ Header always setifempty Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; report-uri /dashboard/csp_report; report-to csp-endpoint"
3636 Header set Report-To "{\"group\":\"csp-endpoint\",\"max_age\":10886400,\"endpoints\":[{\"url\":\"/dashboard/csp_report\"}]}"
3737 Header Set Cache-Control "max-age=0, no-store, no-cache, must-revalidate"
3838 Header Set Pragma "no-cache"
@@ -45,7 +45,7 @@ Header always set X-Content-Type-Options "nosniff"
4545 FileETag None
4646 # Explicit HSTS for redundancy
4747 Header always set Strict-Transport-Security "max-age=631138519"
48- Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; report-uri /dashboard/csp_report; report-to csp-endpoint"
48+ Header always setifempty Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; report-uri /dashboard/csp_report; report-to csp-endpoint"
4949 Header set Report-To "{\"group\":\"csp-endpoint\",\"max_age\":10886400,\"endpoints\":[{\"url\":\"/dashboard/csp_report\"}]}"
5050 Header Set Cache-Control "max-age=0, no-store, no-cache, must-revalidate"
5151 Header Set Pragma "no-cache"
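Review bot: With `setifempty` on the Content-Security-Policy line (new line 35, and the identical change at new line 48), this policy is no longer a guaranteed baseline: a response that already carries a CSP header, however permissive, keeps its own and this one is skipped. If that override is intended, a comment above the directive should say so, e.g. `# setifempty: an application-supplied CSP takes precedence over this default`. In mod_headers the `always` condition and the default `onsuccess` condition work on separate header tables, so depending on how the backend's header is produced the emptiness check may not see it and two CSP headers could be sent; this is worth verifying against a response that sets its own policy. The `Report-To` line directly below still uses plain `Header set`, so error responses would now carry a CSP naming `csp-endpoint` without the header that defines that group; `Header always set Report-To ...` would keep the two in step.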