diff --git a/src/.htaccess b/src/.htaccess index d04c23c..1220650 100644 --- a/src/.htaccess +++ b/src/.htaccess @@ -1,5 +1,6 @@ RewriteEngine On + +Header always set "Content-Security-Policy" "default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'" + RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] - -Header add Content-Security-Policy "default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'"