diff --git a/app/Http/Middleware/ContentSecurityPolicyHeader.php b/app/Http/Middleware/ContentSecurityPolicyHeader.php
index dd0d39cf3..05eb73ed9 100644
--- a/app/Http/Middleware/ContentSecurityPolicyHeader.php
+++ b/app/Http/Middleware/ContentSecurityPolicyHeader.php
@@ -14,14 +14,14 @@ class ContentSecurityPolicyHeader
*/
public function handle($request, Closure $next)
{
- if ((config('app.debug')=='true') || (config('app.disable_csp')=='true')) {
+ if ((config('app.debug')=='true') || (config('app.enable_csp')!='true')) {
$response = $next($request);
return $response;
}
$policy[] = "default-src 'self'";
$policy[] = "style-src 'self' 'unsafe-inline' oss.maxcdn.com";
- $policy[] = "script-src 'self' oss.mafxcdn.com cdnjs.cloudflare.com 'nonce-".csrf_token()."'";
+ $policy[] = "script-src 'self' 'unsafe-inline' oss.mafxcdn.com cdnjs.cloudflare.com 'nonce-".csrf_token()."'";
$policy[] = "connect-src 'self'";
$policy[] = "object-src 'none'";
$policy[] = "font-src 'self' data:";
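Review bot: Adding `'unsafe-inline'` to `script-src` on the new line removes inline-script protection in any browser that does not honour the nonce, while browsers that do honour the nonce ignore the keyword, so it can only loosen the policy. It would be tighter to leave the keyword out and put the nonce attribute on the inline scripts that need to run. The same line still allow-lists `oss.mafxcdn.com`, which looks like a misspelling of the `oss.maxcdn.com` host used in `style-src`; an allow-listed script host the project may not control is worth correcting while this line is being touched. In the condition, `config('app.enable_csp')!='true'` is a loose comparison against a string, so a setting such as `ENABLE_CSP=1` would likely leave the header off; `!filter_var(config('app.enable_csp'), FILTER_VALIDATE_BOOLEAN)` accepts the usual spellings. The body of `handle()` continues past the end of the hunk.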
diff --git a/config/app.php b/config/app.php
index e2dc3682b..43f851abd 100755
--- a/config/app.php
+++ b/config/app.php
@@ -183,7 +183,7 @@ return [
|
*/
- 'disable_csp' => env('DISABLE_CSP', false),
+ 'enable_csp' => env('ENABLE_CSP', false),
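Review bot: The default in `env('ENABLE_CSP', false)` makes the header opt-in, so an installation that upgrades without editing its `.env` stops sending a Content-Security-Policy, and a leftover `DISABLE_CSP` entry is silently ignored. If opt-in is intended, the comment block above this key (it starts outside the hunk) should say so, for example `| Set ENABLE_CSP=true to send the Content-Security-Policy header; it is off by default.`. Otherwise `'enable_csp' => env('ENABLE_CSP', true),` keeps the previous protected-by-default behaviour.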
diff --git a/resources/views/layouts/default.blade.php b/resources/views/layouts/default.blade.php
index 808f18de4..ab87ce569 100644
--- a/resources/views/layouts/default.blade.php
+++ b/resources/views/layouts/default.blade.php
@@ -84,8 +84,8 @@
@else
-
-
+
+
@endif