Use default csp value by default

Otherwise the CSP may break updates if we later change the behaviour of PrivateBin somehow. We should have done this before the v1.0 release, but well...
8 years ago · 2cd4717bd2
parent ec7af3a738
commit 2cd4717bd2
1 changed files with 1 additions and 1 deletions
--- a/cfg/conf.ini.sample
+++ b/cfg/conf.ini.sample
@ -60,7 +60,7 @@ languageselection = false
 ; custom scripts from third-party domains to your templates, e.g. tracking
 ; scripts or run your site behind certain DDoS-protection services.
 ; Check the documentation at https://content-security-policy.com/
-cspheader = "default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:; referrer no-referrer;"
+; cspheader = "default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:; referrer no-referrer;"

 ; stay compatible with PrivateBin Alpha 0.19, less secure
 ; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of