Last active
February 7, 2018 01:03
Add X-Frame-Options and Content-Security-Policy headers to Apache (.htaccess file)
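```apache
# Add X-Frame-Options headers
# Note: "append" merges both values into one comma-separated header.
# ALLOW-FROM is obsolete and ignored by current browsers, and ALLOWALL is not
# a defined X-Frame-Options value. Browsers that support CSP frame-ancestors
# use that directive instead of X-Frame-Options.
<IfModule mod_headers.c>
    Header always append X-Frame-Options "ALLOW-FROM https://rightmessage.com"
    Header always append X-Frame-Options ALLOWALL
</IfModule>

# Apply a CSP to all HTML and PHP files
# Scheme sources need the trailing colon ("https:"); a bare "https" is parsed
# as a host name, so connect-src is written as "https:" here.
<FilesMatch "\.(html|php)$">
    Header set Content-Security-Policy "frame-ancestors https:; default-src https:; font-src https: data:; img-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; connect-src https:; object-src 'none';"
</FilesMatch>
```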
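An added example, not part of the original gist: a small Python linter for a Content-Security-Policy value that flags three things relevant to a policy like the one above: a scheme source written without its colon (which is parsed as a host name), `'unsafe-inline'`/`'unsafe-eval'` in `script-src`, and a scheme-wide `frame-ancestors`. The function names and the sample policy are constructed for illustration.

```python
# Scheme names that only act as scheme-sources when followed by a colon.
SCHEMES = {"http", "https", "data", "blob", "ws", "wss"}
RISKY_KEYWORDS = {"'unsafe-inline'", "'unsafe-eval'"}
BROAD_ANCESTORS = {"*", "http:", "https:"}

# Constructed sample modelled on the directives above; connect-src carries
# a bare "https" to show the failure mode.
SAMPLE = ("frame-ancestors https:; default-src https:; "
          "script-src 'unsafe-inline' 'unsafe-eval' https:; "
          "connect-src https; object-src 'none'")

def parse_csp(policy):
    """Split a CSP header value into {directive: [source expressions]}."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        # A repeated directive is ignored by browsers; the first one wins.
        directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives

def lint_csp(policy):
    """Return a sorted list of (directive, finding) tuples."""
    findings = []
    for name, sources in parse_csp(policy).items():
        for src in sources:
            low = src.lower()
            if low in SCHEMES:
                findings.append(
                    (name, f"'{src}' lacks ':' and is matched as a host name"))
            elif name == "script-src" and low in RISKY_KEYWORDS:
                findings.append(
                    (name, f"{src} permits inline or eval'd script"))
            elif name == "frame-ancestors" and low in BROAD_ANCESTORS:
                findings.append(
                    (name, f"{src} lets any origin it matches frame the page"))
    return sorted(findings)

if __name__ == "__main__":
    for directive, finding in lint_csp(SAMPLE):
        print(f"{directive}: {finding}")
```
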