From eaed236398962878f66b7859b08635d0e5b4a00b Mon Sep 17 00:00:00 2001
From: srosse <none@none>
Date: Fri, 20 Apr 2018 10:34:50 +0200
Subject: [PATCH] OO-3415: enable per default the security features (but CSP
 only in reporting mode)

---
 .../org/olat/core/commons/services/csp/CSPModule.java  | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/main/java/org/olat/core/commons/services/csp/CSPModule.java b/src/main/java/org/olat/core/commons/services/csp/CSPModule.java
index 1f471bd07ca..62bfe9b2957 100644
--- a/src/main/java/org/olat/core/commons/services/csp/CSPModule.java
+++ b/src/main/java/org/olat/core/commons/services/csp/CSPModule.java
@@ -65,15 +65,15 @@ public class CSPModule extends AbstractSpringModule {
 	private static final String CONTENT_SECURITY_POLICY_OBJECT_SRC = "base.security.contentSecurityPolicy.objectSrc";
 	private static final String CONTENT_SECURITY_POLICY_PLUGIN_TYPE = "base.security.contentSecurityPolicy.pluginType";
 
-	@Value("${base.security.frameOptionsSameOrigine:disabled}")
+	@Value("${base.security.frameOptionsSameOrigine:enabled}")
 	private String xFrameOptionsSameorigin;
-	@Value("${base.security.strictTransportSecurity:disabled}")
+	@Value("${base.security.strictTransportSecurity:enabled}")
 	private String strictTransportSecurity;
-	@Value("${base.security.xContentTypeOptions:disabled}")
+	@Value("${base.security.xContentTypeOptions:enabled}")
 	private String xContentTypeOptions;
-	@Value("${base.security.contentSecurityPolicy:disabled}")
+	@Value("${base.security.contentSecurityPolicy:enabled}")
 	private String contentSecurityPolicy;
-	@Value("${base.security.contentSecurityPolicy.reportOnly:disabled}")
+	@Value("${base.security.contentSecurityPolicy.reportOnly:enabled}")
 	private String contentSecurityPolicyReportOnly;
 	
 	@Value("${base.security.contentSecurityPolicy.defaultSrc:}")
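Review bot: The new `enabled` default on `strictTransportSecurity` is the one flag here that cannot be cleanly rolled back, and nothing at the field records that. Any installation that never set `base.security.strictTransportSecurity` starts sending the header on upgrade, and browsers keep the policy for the header's max-age (not visible in this hunk), so switching the property to `disabled` later does not release clients that already received it. I would add a comment above the field such as `// Default enabled: browsers cache HSTS for max-age; set to disabled before upgrading if any client still needs plain HTTP to this host.` A similar one-liner on `contentSecurityPolicyReportOnly` would help, for example `// Default enabled keeps CSP in report-only mode; setting this to disabled makes the policy enforcing.`, since that single flag is what separates reporting from blocking. The `CSPModule` class starts before and continues after this hunk, so how these strings are interpreted is assumed from their names.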
-- 
GitLab