Remove strict CSP header for #4622

2025-09-04 03:43:07 +00:00 · 2021-04-09 06:05:27 +02:00
parent 075f951cfe
commit 1912e46113
1 changed files with 0 additions and 2 deletions
--- a/app/Http/Middleware/SecureHeaders.php
+++ b/app/Http/Middleware/SecureHeaders.php
@@ -53,8 +53,6 @@ class SecureHeaders
        $csp               = [
            "default-src 'none'",
            "object-src 'none'",
-            "require-trusted-types-for 'script'",
-            //sprintf("script-src 'unsafe-inline' 'strict-dynamic' 'nonce-%1s' %2s", $nonce, $trackingScriptSrc),
            sprintf("script-src 'unsafe-eval' 'strict-dynamic' 'self' 'unsafe-inline' 'nonce-%1s' %2s", $nonce, $trackingScriptSrc),
            "style-src 'unsafe-inline' 'self'",
            "base-uri 'self'",