author | Robert Kowalski <rok@kowalski.gd> | 2014-09-06 20:49:12 +0200 |
---|---|---|
committer | Robert Kowalski <rok@kowalski.gd> | 2014-11-28 21:57:27 +0100 |
commit | dbd38a1b948bc83e8228d1fd4618a3cfbfdfdd9e (patch) | |
tree | e70b55d58d36943b04260acc677ab82f2a247938 | |
parent | b9ac495dd9193a6263f3974cad846cd064b6c7b1 (diff) | |
download | couchdb-dbd38a1b948bc83e8228d1fd4618a3cfbfdfdd9e.tar.gz |
Enable CSP support for /_utils per default
With Futon getting removed in 2.x, which had too much inline-
JavaScript etc., is not used any more. Fauxton is able to work
with our default CSP settings.
-rw-r--r-- | rel/overlay/etc/default.ini | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/rel/overlay/etc/default.ini b/rel/overlay/etc/default.ini index 73121d42f..76508aa9c 100644 --- a/rel/overlay/etc/default.ini +++ b/rel/overlay/etc/default.ini @@ -80,9 +80,9 @@ iterations = 10 ; iterations for password hashing ; comma-separated list of public fields, 404 if empty ; public_fields = -; Experimental CSP (Content Security Policy) Support for _utils +; CSP (Content Security Policy) Support for _utils [csp] -enable = false +enable = true ; header_value = default-src 'self'; img-src 'self'; font-src *; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; [cors] |
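Review bot: With `enable = true` now the default in the `[csp]` section, the `header_value` line is still commented out, so this file no longer tells an operator which policy is actually sent for /_utils. If the commented value is the built-in default, say so in the comment above it (for example "; default header_value shown below, uncomment to override"). That value also permits `'unsafe-eval'` in `script-src`, `'unsafe-inline'` in `style-src` and `font-src *`, so a short comment on why Fauxton needs each relaxation would help anyone tightening the policy later. Since the "Experimental" wording is dropped and the behaviour changes on upgrade, a one-line note that `enable = false` restores the previous behaviour would be worth adding for deployments whose _utils content the default policy would block.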