• Nick Sellen's avatar
    Allows CSP without a report-uri · 55570c3e
    Nick Sellen authored
    A couple of changes:
    - we always send CSP headers now
      previously we only did if CSP_REPORT_URI was defined in config
    - we default to blocking violations
      previously defaulted to report-only mode
      you can turn on report only by setting CSP_REPORT_ONLY to true
config.inc.php 1.66 KB