diff options
-rw-r--r-- | rel/overlay/etc/default.ini | 4 | ||||
-rw-r--r-- | share/doc/src/experimental.rst | 17 |
2 files changed, 2 insertions, 19 deletions
diff --git a/rel/overlay/etc/default.ini b/rel/overlay/etc/default.ini index 2585ebb6c..5aff5d0e2 100644 --- a/rel/overlay/etc/default.ini +++ b/rel/overlay/etc/default.ini @@ -79,9 +79,9 @@ iterations = 10 ; iterations for password hashing ; comma-separated list of public fields, 404 if empty ; public_fields = -; Experimental CSP (Content Security Policy) Support for _utils +; CSP (Content Security Policy) Support for _utils [csp] -enable = false +enable = true ; header_value = default-src 'self'; img-src 'self'; font-src *; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; [cors] diff --git a/share/doc/src/experimental.rst b/share/doc/src/experimental.rst index fae925c15..077fcaae0 100644 --- a/share/doc/src/experimental.rst +++ b/share/doc/src/experimental.rst @@ -79,20 +79,3 @@ Plugins ======= See `src/couch_plugins/README.md`. - - -Content-Security-Policy (CSP) Header Support for /_utils (Fauxton) -================================================================== - -This will just work with Fauxton, and not Futon. You can enable it -in your config: you can enable the feature in general and change -the default header that is sent for everything in /_utils. - - .. code-block:: ini - - [csp] - enable = true - -Then restart CouchDB. - -Have fun! |