Remove script-src: unsafe-inline from CSP header.

This reverts commit 9dac4f19.

#170 #175
parent 3621239f
......@@ -269,7 +269,7 @@ Header always set Content-Security-Policy: "\
img-src 'self' https://f-droid.org https://fdroid.gitlab.io; \
media-src 'self'; \
object-src 'none'; \
script-src 'self' 'unsafe-inline'; \
script-src 'self'; \
style-src 'self' 'unsafe-inline'; \
"
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment