Remove unsafe-inline from CSP header.

f-droid · Jan 9, 2018 · 65ce866 · 65ce866
1 parent 01e101e
commit 65ce866
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/.htaccess b/.htaccess
@@ -256,7 +256,7 @@ Header always set Content-Security-Policy: "\
  img-src 'self' https://f-droid.org https://fdroid.gitlab.io; \
  media-src 'self'; \
  object-src 'none'; \
- script-src 'self' 'unsafe-inline'; \
+ script-src 'self'; \
  style-src 'self' 'unsafe-inline'; \
 "