Merge pull request #63 from cypherbits/fix-security-header

Fix Content-Security-Policy header.
2020-05-07 20:29:27 +02:00
parent ac46e658bd 5aeca202ca
commit a4d2484e24
1 changed files with 1 additions and 1 deletions
--- a/chat.php
+++ b/chat.php
@ -3286,7 +3286,7 @@ function send_headers(){
 	header('Cache-Control: no-cache, no-store, must-revalidate, max-age=0');
 	header('Expires: 0');
 	header('Referrer-Policy: no-referrer');
-	header('Content-Security-Policy: referrer never');
+	header("Content-Security-Policy: default-src 'self'; img-src *; media-src *; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'");
    header('X-Content-Type-Options: nosniff');
    header('X-Frame-Options: sameorigin');
    header('X-XSS-Protection: 1; mode=block');