From 9900159635d616f01fb1be98ef94145637d06d07 Mon Sep 17 00:00:00 2001
From: Sam Feifer
Date: Tue, 13 May 2025 11:33:22 -0400
Subject: [PATCH] fix CVE-2025-4123
---
 conf/defaults.ini | 2 +-
 conf/sample.ini | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/conf/defaults.ini b/conf/defaults.ini
index 2d6e1235b60..cf1ce8a962f 100644
--- a/conf/defaults.ini
+++ b/conf/defaults.ini
@@ -310,7 +310,7 @@ x_xss_protection = true
 
 # Enable adding the Content-Security-Policy header to your requests.
 # CSP allows to control resources the user agent is allowed to load and helps prevent XSS attacks.
-content_security_policy = false
+content_security_policy = true
 
 # Set Content Security Policy template used when adding the Content-Security-Policy header to your requests.
 # $NONCE in the template includes a random nonce.
diff --git a/conf/sample.ini b/conf/sample.ini
index 227c90e895d..19afa036b9b 100644
--- a/conf/sample.ini
+++ b/conf/sample.ini
@@ -310,7 +310,7 @@
 
 # Enable adding the Content-Security-Policy header to your requests.
 # CSP allows to control resources the user agent is allowed to load and helps prevent XSS attacks.
-;content_security_policy = false
+;content_security_policy = true
 
 # Set Content Security Policy template used when adding the Content-Security-Policy header to your requests.
 # $NONCE in the template includes a random nonce.
-- 
2.49.0
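Review bot: In conf/defaults.ini the new `content_security_policy = true` line carries no comment tying it to the advisory, so nothing warns an operator that switching it back off also removes the CVE-2025-4123 mitigation; I would add `# Enabled by default as the mitigation for CVE-2025-4123; setting this to false removes that protection.` directly above it, and the same line above the commented-out key in conf/sample.ini. The diffstat lists only these two configuration files, so the change takes effect purely through a default: a deployment whose own configuration already sets `content_security_policy = false` keeps the header off after upgrading, which the release notes should call out. How much the header actually restricts depends on the `content_security_policy_template` value, whose setting begins just below this hunk and is not visible here, so it should be confirmed that the shipped template is strict enough for this purpose.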