Remove strict CSP header for #4622

2024-12-28 18:01:26 -06:00 · 2021-04-09 06:05:27 +02:00 · 2021-04-09 06:05:27 +02:00 · 1912e46113
commit 1912e46113
parent 075f951cfe
1 changed files with 0 additions and 2 deletions
--- a/app/Http/Middleware/SecureHeaders.php
+++ b/app/Http/Middleware/SecureHeaders.php
@ -53,8 +53,6 @@ class SecureHeaders
        $csp               = [
            "default-src 'none'",
            "object-src 'none'",
-            "require-trusted-types-for 'script'",
-            //sprintf("script-src 'unsafe-inline' 'strict-dynamic' 'nonce-%1s' %2s", $nonce, $trackingScriptSrc),
            sprintf("script-src 'unsafe-eval' 'strict-dynamic' 'self' 'unsafe-inline' 'nonce-%1s' %2s", $nonce, $trackingScriptSrc),
            "style-src 'unsafe-inline' 'self'",
            "base-uri 'self'",