summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-07 02:05:53 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-07 02:05:53 +0000
commit0992980dbdcfb9505e39689f3de42dc5427f8a84 (patch)
treef6f344d778b2aac01fa8c439b8e306dca85256e7
parentSetting ServerSignature to Off in security.conf. (diff)
downloadapache2-0992980dbdcfb9505e39689f3de42dc5427f8a84.tar.xz
apache2-0992980dbdcfb9505e39689f3de42dc5427f8a84.zip
Setting Content-Security-Policy to "default-src https: 'self'; style-src https: 'self' 'unsafe-inline'".
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r--debian/apache2.postinst3
-rw-r--r--debian/config-dir/conf-available/csp.conf7
2 files changed, 9 insertions, 1 deletions
diff --git a/debian/apache2.postinst b/debian/apache2.postinst
index 80a1860..fb856c5 100644
--- a/debian/apache2.postinst
+++ b/debian/apache2.postinst
@@ -62,7 +62,8 @@ enable_default_conf()
{
if is_fresh_install $@ ; then
for conf in charset localized-error-pages other-vhosts-access-log \
- security serve-cgi-bin ; do
+ security serve-cgi-bin \
+ csp ; do
a2enconf -m -q $conf
done
fi
diff --git a/debian/config-dir/conf-available/csp.conf b/debian/config-dir/conf-available/csp.conf
new file mode 100644
index 0000000..ccbeadf
--- /dev/null
+++ b/debian/config-dir/conf-available/csp.conf
@@ -0,0 +1,7 @@
+# /etc/apache2/conf-available/csp.conf
+
+<IfModule mod_ssl.c>
+ <IfModule mod_headers.c>
+ Header always set Content-Security-Policy "default-src https: 'self'; style-src https: 'self' 'unsafe-inline'"
+ </IfModule>
+</IfModule>