author Robert Kowalski <rok@kowalski.gd> 2014-09-06 20:49:12 +0200
committer Robert Kowalski <rok@kowalski.gd> 2014-09-19 18:56:21 +0200
commit 4292bd5bcd3e218341c105e2a573e46ed4bc32a2 (patch)
tree 01c6cf02fea5e31c0f592788f420dc90f27da9fc
parent bb7ad626d1c79091649d2292b61c9ae107851fdf (diff)
download couchdb-enable-csp-default.tar.gz
Enable CSP support for /_utils per default
With Futon getting removed in 2.x, which had too much inline JavaScript etc., is not used any more. Fauxton is able to work with our default CSP settings.
-rw-r--r-- rel/overlay/etc/default.ini 4
-rw-r--r-- share/doc/src/experimental.rst 17
2 files changed, 2 insertions, 19 deletions
diff --git a/rel/overlay/etc/default.ini b/rel/overlay/etc/default.ini
index 2585ebb6c..5aff5d0e2 100644
--- a/rel/overlay/etc/default.ini
+++ b/rel/overlay/etc/default.ini
@@ -79,9 +79,9 @@ iterations = 10 ; iterations for password hashing
; comma-separated list of public fields, 404 if empty
; public_fields =
-; Experimental CSP (Content Security Policy) Support for _utils
+; CSP (Content Security Policy) Support for _utils
[csp]
-enable = false
+enable = true
; header_value = default-src 'self'; img-src 'self'; font-src *; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline';
[cors]
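Review bot: the `enable = true` line under `[csp]` switches the header on for every existing /_utils deployment, yet the shortened comment above it no longer says what is sent or how to opt out. If the commented-out `header_value` line is the policy used when none is configured, the comment should say so, and it should state that `enable = false` restores the previous behaviour, since anything under /_utils that relies on inline JavaScript (Futon, per the commit message) will stop working once the header is sent. It is also worth a line in the comment that this value still permits `'unsafe-eval'` in `script-src`, `'unsafe-inline'` in `style-src` and `font-src *`, so operators who want a stricter policy know to set `header_value` themselves.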
diff --git a/share/doc/src/experimental.rst b/share/doc/src/experimental.rst
index fae925c15..077fcaae0 100644
--- a/share/doc/src/experimental.rst
+++ b/share/doc/src/experimental.rst
@@ -79,20 +79,3 @@ Plugins
=======
See `src/couch_plugins/README.md`.
-
-
-Content-Security-Policy (CSP) Header Support for /_utils (Fauxton)
-==================================================================
-
-This will just work with Fauxton, and not Futon. You can enable it
-in your config: you can enable the feature in general and change
-the default header that is sent for everything in /_utils.
-
- .. code-block:: ini
-
- [csp]
- enable = true
-
-Then restart CouchDB.
-
-Have fun!
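Review bot: this hunk deletes the entire CSP section from experimental.rst, and the diffstat lists no other documentation file, so after this commit the `[csp]` options are described only by the one-line comment in default.ini. Now that the feature is on by default, the text should move to the regular configuration documentation instead of being dropped: keep the statement that the header is sent for everything in /_utils and can be changed, keep the note that it works with Fauxton and not Futon, and reword the `enable` example to show how to turn the header off and that a restart is needed.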