mirror of
https://github.com/snipe/snipe-it.git
synced 2024-12-25 05:34:06 -08:00
Fix CSP Always being Enabled unless in debug mode. (#9543)
This commit is contained in:
parent
ece627b3a3
commit
4e408cbc42
|
@ -99,7 +99,7 @@ class SecurityHeaders
|
||||||
// We have to exclude debug mode here because debugbar pulls from a CDN or two
|
// We have to exclude debug mode here because debugbar pulls from a CDN or two
|
||||||
// and it will break things.
|
// and it will break things.
|
||||||
|
|
||||||
if ((config('app.debug')!='true') || (config('app.enable_csp')=='true')) {
|
if ((config('app.debug')!='true') && (config('app.enable_csp')=='true')) {
|
||||||
$csp_policy[] = "default-src 'self'";
|
$csp_policy[] = "default-src 'self'";
|
||||||
$csp_policy[] = "style-src 'self' 'unsafe-inline'";
|
$csp_policy[] = "style-src 'self' 'unsafe-inline'";
|
||||||
$csp_policy[] = "script-src 'self' 'unsafe-inline' 'unsafe-eval'";
|
$csp_policy[] = "script-src 'self' 'unsafe-inline' 'unsafe-eval'";
|
||||||
|
|
Loading…
Reference in a new issue