From 2cd4717bd25d9249ca0a727970b3b08fa08e11c7 Mon Sep 17 00:00:00 2001
From: rugk
Date: Sun, 18 Sep 2016 12:21:42 +0200
Subject: [PATCH] Use default csp value by default

Otherwise the CSP may break updates if we later change the behaviour of PrivateBin somehow. We should have done this before the v1.0 release, but well...
---
 cfg/conf.ini.sample | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cfg/conf.ini.sample b/cfg/conf.ini.sample
index aee6990c..16ce1d76 100644
--- a/cfg/conf.ini.sample
+++ b/cfg/conf.ini.sample
@@ -60,7 +60,7 @@ languageselection = false
 ; custom scripts from third-party domains to your templates, e.g. tracking
 ; scripts or run your site behind certain DDoS-protection services.
 ; Check the documentation at https://content-security-policy.com/
-cspheader = "default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:; referrer no-referrer;"
+; cspheader = "default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:; referrer no-referrer;"
 
 ; stay compatible with PrivateBin Alpha 0.19, less secure
 ; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
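Review bot: The now-commented `; cspheader = ...` line does not say that it is only an example, or that the policy actually served comes from the application's built-in default when the key is absent, so an operator reading the sample cannot tell which CSP is in effect. A one-line comment directly above it would close that gap, e.g. `; uncomment only to override the built-in default; a value pinned here will not follow later changes to that default`. Whether the commented string matches the built-in default exactly cannot be confirmed from this hunk, because the default lives in code outside it; if the two can drift, the sample should say so rather than imply they are the same. The comment block this line belongs to starts above the hunk.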