Enable Content-Security-Policy header by default

Benjamin Neff 2018-04-10 02:29:11 +02:00
parent 89f7f97294
commit c0a4895854
No known key found for this signature in database
GPG key ID: 971464C3F1A90194
2 changed files with 5 additions and 5 deletions


@ -150,7 +150,7 @@ defaults:
title: 'diaspora* social network'
description: 'diaspora* is the online social world where you are in control.'
csp:
report_only: true
report_only: false
report_uri:
services:
facebook:
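Review bot: Flipping `report_only` to `false` in the defaults changes behaviour for every pod that never set the key explicitly, and this commit touches only the two config files, so nothing visible here tells an upgrading podmin that the policy is now enforced. With `report_uri:` still empty in the same block, the browser blocks violating resources without sending any violation report to the server, so a pod with custom assets or third-party embeds can lose content with no server-side signal. I would ship an upgrade note with this change, for example `Content-Security-Policy is now enforced by default; set report_only under csp to true to return to the Report-Only header`, and recommend configuring a `report_uri` before upgrading. Whether a changelog entry exists in a separate commit cannot be told from this page.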


@ -571,10 +571,10 @@ configuration: ## Section
## is blocked by CSP.
csp:
## Report-Only header (default=true)
## By default diaspora* adds only a "Content-Security-Policy-Report-Only" header. If you set
## this to false, the "Content-Security-Policy" header is added instead.
#report_only: false
## Report-Only header (default=false)
## By default diaspora* adds a "Content-Security-Policy" header. If you set
## this to true, the "Content-Security-Policy-Report-Only" header is added instead.
#report_only: true
## CSP report URI (default=)
## You can set an URI here, where the user agent reports violations as JSON document via a POST request.