Fix CSP Always being Enabled unless in debug mode. (#9543)

Tom Misilo 2021-05-05 12:51:47 -05:00 committed by GitHub
parent ece627b3a3
commit 4e408cbc42
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -99,7 +99,7 @@ class SecurityHeaders
// We have to exclude debug mode here because debugbar pulls from a CDN or two // We have to exclude debug mode here because debugbar pulls from a CDN or two
// and it will break things. // and it will break things.
if ((config('app.debug')!='true') || (config('app.enable_csp')=='true')) { if ((config('app.debug')!='true') && (config('app.enable_csp')=='true')) {
$csp_policy[] = "default-src 'self'"; $csp_policy[] = "default-src 'self'";
$csp_policy[] = "style-src 'self' 'unsafe-inline'"; $csp_policy[] = "style-src 'self' 'unsafe-inline'";
$csp_policy[] = "script-src 'self' 'unsafe-inline' 'unsafe-eval'"; $csp_policy[] = "script-src 'self' 'unsafe-inline' 'unsafe-eval'";