před 6 měsíci · 28603b6ff4
--- a/theme/root/.htaccess
+++ b/theme/root/.htaccess
@@ -40,7 +40,7 @@ ExpiresByType application/x-font-woff2 "access plus 1 year"

 Header always set Strict-Transport-Security "max-age=31536000; preload"
 Header always set X-Frame-Options SAMEORIGIN
 Header always set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; media-src *"
 Header always set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; media-src *; frame-src 'self' https://player.vimeo.com; script-src 'self' 'unsafe-inline' https://player.vimeo.com"
 Header always set X-Content-Type-Options nosniff
 Header always set X-XSS-Protection "1; mode=block"
 Header always set Referrer-Policy "origin"