Use default csp value by default

Otherwise the CSP may break updates if we later change the behaviour of PrivateBin somehow.
We should have done this before the v1.0 release, but well...
This commit is contained in:
rugk 2016-09-18 12:21:42 +02:00
parent ec7af3a738
commit 2cd4717bd2
No known key found for this signature in database
GPG Key ID: 05D40A636AFAB34D
1 changed files with 1 additions and 1 deletions

View File

@ -60,7 +60,7 @@ languageselection = false
; custom scripts from third-party domains to your templates, e.g. tracking ; custom scripts from third-party domains to your templates, e.g. tracking
; scripts or run your site behind certain DDoS-protection services. ; scripts or run your site behind certain DDoS-protection services.
; Check the documentation at https://content-security-policy.com/ ; Check the documentation at https://content-security-policy.com/
cspheader = "default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:; referrer no-referrer;" ; cspheader = "default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:; referrer no-referrer;"
; stay compatible with PrivateBin Alpha 0.19, less secure ; stay compatible with PrivateBin Alpha 0.19, less secure
; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of ; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of