Enforce content security policy

gapple · Jun 19, 2017 · 59c847a · 59c847a
1 parent 70469e4
commit 59c847a
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/app.php b/src/app.php
@@ -17,13 +17,13 @@
 
     if (stripos($response->headers->get('Content-Type'), 'text/html') !== false) {
         $response->headers->set(
-            'Content-Security-Policy-Report-Only',
+            'Content-Security-Policy',
             "default-src 'self'; " .
                 "script-src 'self' 'unsafe-inline' code.jquery.com www.google.com www.google-analytics.com; " .
                 "style-src 'self' 'unsafe-inline' netdna.bootstrapcdn.com www.google.com ajax.googleapis.com; " .
                 "img-src 'self' s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; " .
                 "connect-src 'self' www.drupal.org www.google-analytics.com;" .
-                "report-uri https://gapple.report-uri.io/r/default/csp/reportOnly;"
+                "report-uri https://gapple.report-uri.io/r/default/csp/enforce;"
         );
     }
 });