Home > Software design >  Apache CSP Not Taking Effect
Apache CSP Not Taking Effect

Time:08-09

On my Apache httpd.conf file I have added the following code inside of the <VirtualHost *:80> section (and also uncommented LoadModule headers_module modules/mod_headers.so):

<IfModule mod_headers.c>
    Header set Content-Security-Policy "default-src none;"
</IfModule>

I have stopped and started my Apache server however this code is not taking effect.
If I set the CSP inside of my .php file (eg in header.php) it works fine:

<meta http-equiv="Content-Security-Policy" content="default-src none;">

Please note I have set it to none just for testing purposes.

CodePudding user response:

I have moved the CSP outside of the <VirtualHost *:80> section and it's now working as expected. I actually moved it into httpd-ssl.conf and inside of the <VirtualHost ---.com:443> section and it's working as intended.

Page link:https//www.codepudding.com/Softwaredesign/503803.html

Prev:Subdomain preserves cookies from main domain
Next:Hibernate Models - Where to keep logic for Derived Fields?
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding