From fa5b2836e090958f077adca7c0b134b0e3ce59fe Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sat, 27 Apr 2024 09:22:07 +0200
Subject: Setting Content-Security-Policy to "default-src https: 'self';
 style-src https: 'self' 'unsafe-inline'".

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 debian/config-dir/conf-available/csp.conf | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 debian/config-dir/conf-available/csp.conf

(limited to 'debian/config-dir')

diff --git a/debian/config-dir/conf-available/csp.conf b/debian/config-dir/conf-available/csp.conf
new file mode 100644
index 0000000..ccbeadf
--- /dev/null
+++ b/debian/config-dir/conf-available/csp.conf
@@ -0,0 +1,7 @@
+# /etc/apache2/conf-available/csp.conf
+
+<IfModule mod_ssl.c>
+	<IfModule mod_headers.c>
+		Header always set Content-Security-Policy "default-src https: 'self'; style-src https: 'self' 'unsafe-inline'"
+	</IfModule>
+</IfModule>
-- 
cgit v1.2.3