From 14cd147ddf85248e3d8d59082959cce2554aa023 Mon Sep 17 00:00:00 2001
From: Damien Regad <dregad@mantisbt.org>
Date: Sun, 22 Sep 2019 12:20:01 +0200
Subject: [PATCH] Replace maxcdn by stackpath in CSP headers

---
 core/http_api.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/core/http_api.php b/core/http_api.php
index 8de87d6e49..8446d86f5d 100644
--- a/core/http_api.php
+++ b/core/http_api.php
@@ -225,15 +225,15 @@ function http_security_headers() {
 		# White list the CDN urls (if enabled)
 		if ( config_get_global( 'cdn_enabled' ) == ON ) {
 			http_csp_add( 'style-src', 'ajax.googleapis.com' );
-			http_csp_add( 'style-src', 'maxcdn.bootstrapcdn.com' );
+			http_csp_add( 'style-src', 'stackpath.bootstrapcdn.com' );
 			http_csp_add( 'style-src', 'fonts.googleapis.com' );
 			http_csp_add( 'style-src', 'cdnjs.cloudflare.com' );
 
 			http_csp_add( 'font-src', 'fonts.gstatic.com' );
-			http_csp_add( 'font-src', 'maxcdn.bootstrapcdn.com' );
+			http_csp_add( 'font-src', 'stackpath.bootstrapcdn.com' );
 
 			http_csp_add( 'script-src', 'ajax.googleapis.com' );
-			http_csp_add( 'script-src', 'maxcdn.bootstrapcdn.com' );
+			http_csp_add( 'script-src', 'stackpath.bootstrapcdn.com' );
 			http_csp_add( 'script-src', 'cdnjs.cloudflare.com' );
 
 			http_csp_add( 'img-src', 'ajax.googleapis.com' );