Hello, I’m trying to implement a bit of security on modx sites, but I’m having a problem including this in the .htaccess it’s braking the manager.
<IfModule mod_headers.c>
Header set Content-Security-Policy "script-src 'self'; object-src 'self'"
<FilesMatch "\.(appcache|atom|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|tt[cf]|txt|vcf|vtt|webapp|web[mp]|woff|xml|xpi)$">
Header unset Content-Security-Policy
</FilesMatch>
</IfModule>
I can’t see any external file being called from the manager, so why is that?
Thanks!