NEXT-15677 - Fix XSS for SVG files

shopware · Aug 2, 2021 · abe9f69 · abe9f69
1 parent 912b96d
commit abe9f69
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/public/.htaccess.dist b/public/.htaccess.dist
@@ -36,7 +36,7 @@ DirectoryIndex index.php
 </IfModule>
 
 <IfModule mod_headers.c>
-    <FilesMatch "\.svg$">
+    <FilesMatch "\.(?i:svg)$">
         Header set Content-Security-Policy "script-src 'none'"
     </FilesMatch>
 </IfModule>