Permalink
Browse files

Make sure we don't set CSP headers on Bada - it's broken!

  • Loading branch information...
1 parent 515c831 commit ed2556fdf38c7fa99b1ffd16adabe825b3e3e425 @NielsLeenheer NielsLeenheer committed Nov 30, 2013
Showing with 8 additions and 5 deletions.
  1. +8 −5 .htaccess
View
@@ -50,10 +50,13 @@ RewriteRule ^browserconfig.xml /images/icons/browserconfig.xml
</IfModule>
</FilesMatch>
-<FilesMatch "index.html">
+
+SetEnvIf User-Agent .*Bada.* BROKEN_CSP
+
+<FilesMatch "[index|qr].html">
<IfModule mod_headers.c>
- Header set X-WebKit-CSP "default-src 'unsafe-inline' *; frame-src *; options inline-script;"
- Header set Content-Security-Policy "default-src 'unsafe-inline' *; frame-src *; options inline-script;"
- Header set X-Content-Security-Policy "default-src 'unsafe-inline' *; frame-src *; options inline-script;"
+ Header set X-WebKit-CSP "default-src 'unsafe-inline' *; frame-src *; options inline-script;" env=!BROKEN_CSP
+ Header set Content-Security-Policy "default-src 'unsafe-inline' *; frame-src *; options inline-script;" env=!BROKEN_CSP
+ Header set X-Content-Security-Policy "default-src 'unsafe-inline' *; frame-src *; options inline-script;" env=!BROKEN_CSP
</IfModule>
-</FilesMatch>
+</FilesMatch>

0 comments on commit ed2556f

Please sign in to comment.