-
A couple of changes: - we always send CSP headers now previously we only did if CSP_REPORT_URI was defined in config - we default to blocking violations previously defaulted to report-only mode you can turn on report only by setting CSP_REPORT_ONLY to true
55570c3e