From 1ae30d1d9c849b3e1ef3e75a78bd3aab49f48afd Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@owncloud.com>
Date: Tue, 15 Dec 2015 16:37:10 +0100
Subject: [PATCH] Use setifempty to please incompatible httpd versions

Some httpd versions have problem with the old logic leading to resourced served with multiple headers.
---
 .htaccess | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/.htaccess b/.htaccess
index bb030c6acca..db1fa997555 100644
--- a/.htaccess
+++ b/.htaccess
@@ -14,9 +14,12 @@
     Header set X-Frame-Options "SAMEORIGIN"
     SetEnv modHeadersAvailable true
 
-    # Add CSP header if not set, used for static resources
-    Header append Content-Security-Policy ""
-    Header edit Content-Security-Policy "^$" "default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self'"
+    <IfModule mod_version.c>
+        <IfVersion >= 2.4.7>
+            # Add CSP header if not set, used for static resources
+            Header setifempty Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self'"
+        </IfVersion>
+    </IfModule>
   </IfModule>
 
   # Add cache control for CSS and JS files
-- 
GitLab