mirror/Part-DB.Part-DB-server
1
0
Fork 1
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-06-21 01:25:55 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Added content-security policy for SVG files in webserver config

Browse source
This commit is contained in:
Jan Böhmer 2025-05-18 20:38:53 +02:00
parent 7e34535e62
commit 2b694731ad
2 changed files with 12 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
public/.htaccess
View file

@ -118,3 +118,10 @@ DirectoryIndex index.php
# RedirectTemp cannot be used instead
</IfModule>
</IfModule>
# Set Content-Security-Policy for svg files (and compressed variants), to block embedded javascript in there
<IfModule mod_headers.c>
<FilesMatch "\.(svg|svg\.gz|svg\.br)$">
Header set Content-Security-Policy "default-src 'self'; script-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-ancestors 'none';"
</FilesMatch>
</IfModule>