2024-03-25, 10:03 PM
Hi,
Have done some more digging and testing. This seems to be caused by one or more of those headers, will narrow them down tomorrow (just a quick note today):
Code:
RequestHeader set X-Forwarded-Proto 'https' env=HTTPS
Header always set Strict-Transport-Security "max-age=15552000; preload"
Header always set X-Content-Type-Options nosniff
Header always set X-Robots-Tag none
Header always set X-XSS-Protection "1; mode=block"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set Referrer-Policy "same-origin"
Header always set Content-Security-Policy "default-src 'none'; script-src 'none'; object-src 'none'; base-uri 'self' dachs.blog"
Header always set Feature-Policy "geolocation 'self'; midi 'self'; sync-xhr 'self'; microphone 'self'; camera 'self'; magnetometer 'self'; gyroscope 'self'; speaker 'self'; fullscreen 'self'; payment 'self'"
I suspect the Content-Security-Policy, as it should block scripts. Will update as soon as I've tested this.
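
An added example (not part of the original post) that resolves the Content-Security-Policy string from the config above into the effective source list for each resource type, which shows that `default-src 'none'` blocks more than scripts. The function names are hypothetical, and only fetch directives that fall back directly to `default-src` are covered.

```python
# Added example: resolve the effective source list per CSP fetch directive.
# Only directives that fall back directly to default-src are listed here
# (frame-src / worker-src have longer fallback chains and are left out).
FETCH_DIRECTIVES = [
    "script-src", "style-src", "img-src", "font-src",
    "connect-src", "media-src", "object-src", "manifest-src",
]

# Policy string copied from the Apache config in the post.
POLICY = ("default-src 'none'; script-src 'none'; object-src 'none'; "
          "base-uri 'self' dachs.blog")

def parse_csp(policy):
    """Split a policy into {directive: [sources]}; first occurrence wins."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        name = tokens[0].lower()
        if name not in directives:  # later duplicates are ignored by browsers
            directives[name] = tokens[1:]
    return directives

def effective_sources(policy):
    """Return {directive: (sources, origin)}; sources None means unrestricted."""
    parsed = parse_csp(policy)
    result = {}
    for name in FETCH_DIRECTIVES:
        if name in parsed:
            result[name] = (parsed[name], "explicit")
        elif "default-src" in parsed:
            result[name] = (parsed["default-src"], "default-src fallback")
        else:
            result[name] = (None, "unrestricted")
    return result

def blocked_directives(policy):
    """Directives whose effective source list permits nothing at all."""
    blocked = []
    for name, (sources, _) in effective_sources(policy).items():
        # An empty source list behaves like 'none'.
        if sources is not None and [s.lower() for s in sources] in ([], ["'none'"]):
            blocked.append(name)
    return blocked

if __name__ == "__main__":
    for name, (sources, origin) in effective_sources(POLICY).items():
        print(f"{name:13} {' '.join(sources):8} ({origin})")
    print("blocked:", ", ".join(blocked_directives(POLICY)))
```
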