From fa5b2836e090958f077adca7c0b134b0e3ce59fe Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sat, 27 Apr 2024 09:22:07 +0200 Subject: Setting Content-Security-Policy to "default-src https: 'self'; style-src https: 'self' 'unsafe-inline'". Signed-off-by: Daniel Baumann --- debian/apache2.postinst | 3 ++- debian/config-dir/conf-available/csp.conf | 7 +++++++ 2 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 debian/config-dir/conf-available/csp.conf (limited to 'debian') diff --git a/debian/apache2.postinst b/debian/apache2.postinst index e17a012..4e49e9f 100644 --- a/debian/apache2.postinst +++ b/debian/apache2.postinst @@ -55,7 +55,8 @@ enable_default_conf() { if is_fresh_install $@ ; then for conf in charset localized-error-pages other-vhosts-access-log \ - security serve-cgi-bin ; do + security serve-cgi-bin \ + csp ; do a2enconf -m -q $conf done fi diff --git a/debian/config-dir/conf-available/csp.conf b/debian/config-dir/conf-available/csp.conf new file mode 100644 index 0000000..ccbeadf --- /dev/null +++ b/debian/config-dir/conf-available/csp.conf @@ -0,0 +1,7 @@ +# /etc/apache2/conf-available/csp.conf + + + + Header always set Content-Security-Policy "default-src https: 'self'; style-src https: 'self' 'unsafe-inline'" + + -- cgit v1.2.3