Skip to content

Commit

Permalink
"Apache: Unset the Content-Security-Policy header before setting it.
Browse files Browse the repository at this point in the history 
Prevents double occurences of the CSP header
  • Loading branch information
@quartje
quartje committed Apr 17, 2024
1 parent 4804a15 commit 98edda6
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 0 deletions.
1 change: 1 addition & 0 deletions apache2/conf/openconext.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,5 +9,6 @@ CustomLog /proc/self/fd/1 openconext
# Set the CSP header if it was defined as an env variable
PassEnv HTTPD_CSP
<If "osenv('HTTPD_CSP') != ''">
Header unset Content-Security-Policy
Header always set Content-Security-Policy "${HTTPD_CSP}"
</If>
1 change: 1 addition & 0 deletions php82-apache2/conf/openconext.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{X-Re
# Set the CSP header if it was defined as an env variable
PassEnv HTTPD_CSP
<If "osenv('HTTPD_CSP') != ''">
Header unset Content-Security-Policy
Header always set Content-Security-Policy "${HTTPD_CSP}"
</If>

0 comments on commit 98edda6

Please sign in to comment.