From 98edda64ba733f2725181a82441d004265225c8a Mon Sep 17 00:00:00 2001
From: Bart Geesink <bart.geesink@surf.nl>
Date: Wed, 17 Apr 2024 15:29:16 +0200
Subject: [PATCH] "Apache: Unset the Content-Security-Policy header before
 setting it. Prevents double occurences of the CSP header

---
 apache2/conf/openconext.conf       | 1 +
 php82-apache2/conf/openconext.conf | 1 +
 2 files changed, 2 insertions(+)

diff --git a/apache2/conf/openconext.conf b/apache2/conf/openconext.conf
index cb3493f..80b3f41 100644
--- a/apache2/conf/openconext.conf
+++ b/apache2/conf/openconext.conf
@@ -9,5 +9,6 @@ CustomLog /proc/self/fd/1 openconext
 # Set the CSP header if it was defined as an env variable
 PassEnv HTTPD_CSP
 <If "osenv('HTTPD_CSP') != ''">
+    Header unset Content-Security-Policy
     Header always set Content-Security-Policy "${HTTPD_CSP}"
 </If>
diff --git a/php82-apache2/conf/openconext.conf b/php82-apache2/conf/openconext.conf
index 18f8d04..c8aa14c 100644
--- a/php82-apache2/conf/openconext.conf
+++ b/php82-apache2/conf/openconext.conf
@@ -9,6 +9,7 @@ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{X-Re
 # Set the CSP header if it was defined as an env variable
 PassEnv HTTPD_CSP
 <If "osenv('HTTPD_CSP') != ''">
+    Header unset Content-Security-Policy
     Header always set Content-Security-Policy "${HTTPD_CSP}"
 </If>