pablorsk · December 4, 2017 00:12
diff --git a/.htaccess b/.htaccess
 <IfModule mod_headers.c>
    RewriteCond %{REQUEST_METHOD} OPTIONS [NC]
    # Only paths starting with /api/
    RewriteCond %{REQUEST_URI} ^/api/ [NC]
    RewriteRule ^(.*)$ $1 [L,R=204,ENV=CORS:true]

    Header always set X-Content-Type-Options "nosniff"
    Header always set X-XSS-Protection "1; mode=block"

    Header always set Access-Control-Max-Age 1728000 env=CORS
    Header always set Access-Control-Allow-Origin: "*" env=CORS
    Header always set Access-Control-Allow-Methods: "GET,POST,OPTIONS,DELETE,PUT" env=CORS
    Header always set Access-Control-Allow-Headers: "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,C$" env=CORS
    Header always set Access-Control-Allow-Credentials true env=CORS
    Header always set Content-Security-Policy: "default-src 'self'" env=CORS
 </IfModule>
	<IfModule mod_headers.c>
	RewriteCond %{REQUEST_METHOD} OPTIONS [NC]
	# Only paths starting with /api/
	RewriteCond %{REQUEST_URI} ^/api/ [NC]
	RewriteRule ^(.*)$ $1 [L,R=204,ENV=CORS:true]

	Header always set X-Content-Type-Options "nosniff"
	Header always set X-XSS-Protection "1; mode=block"

	Header always set Access-Control-Max-Age 1728000 env=CORS
	Header always set Access-Control-Allow-Origin: "*" env=CORS
	Header always set Access-Control-Allow-Methods: "GET,POST,OPTIONS,DELETE,PUT" env=CORS
	Header always set Access-Control-Allow-Headers: "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,C$" env=CORS
	Header always set Access-Control-Allow-Credentials true env=CORS
	Header always set Content-Security-Policy: "default-src 'self'" env=CORS
	</IfModule>