From 040bbf3922c077f8bbb37ba2f0d35b25af22c162 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9o=20Colombaro?=
Date: Tue, 30 Jul 2019 13:43:58 +0200
Subject: [PATCH] Add Content-Security-Policy for all XML relative types

Ref: https://github.com/h5bp/server-configs-apache/pull/200
---
 lib/basic-file-access.json | 27 ++++++++++++++++++++-------
 1 file changed, 20 insertions(+), 7 deletions(-)

diff --git a/lib/basic-file-access.json b/lib/basic-file-access.json
index 2fb9222..fc6c636 100644
--- a/lib/basic-file-access.json
+++ b/lib/basic-file-access.json
@@ -28,7 +28,8 @@
 {
 "target": "test.atom",
 "responseHeaders": {
- "Cache-Control": "max-age=3600"
+ "Cache-Control": "max-age=3600",
+ "Content-Security-Policy": true
 }
 },
 {
@@ -129,6 +130,7 @@
 "target": "test.js",
 "responseHeaders": {
 "Cache-Control": "max-age=31536000",
+ "Content-Security-Policy": true,
 "Content-Type": "text/javascript; charset=utf-8"
 }
 },
@@ -173,6 +175,7 @@
 "target": "test.mjs",
 "responseHeaders": {
 "Cache-Control": "max-age=31536000",
+ "Content-Security-Policy": true,
 "Content-Type": "text/javascript; charset=utf-8"
 }
 },
@@ -201,7 +204,12 @@
 "Access-Control-Allow-Origin": "*"
 }
 },
- "test.pdf",
+ {
+ "target": "test.pdf",
+ "responseHeaders": {
+ "Content-Security-Policy": true
+ }
+ },
 {
 "target": "test.png",
 "requestHeaders": {
@@ -214,13 +222,15 @@
 {
 "target": "test.rdf",
 "responseHeaders": {
- "Cache-Control": "max-age=3600"
+ "Cache-Control": "max-age=3600",
+ "Content-Security-Policy": true
 }
 },
 {
 "target": "test.rss",
 "responseHeaders": {
- "Cache-Control": "max-age=3600"
+ "Cache-Control": "max-age=3600",
+ "Content-Security-Policy": true
 }
 },
 {
@@ -235,7 +245,8 @@
 "Origin": "http://"
 },
 "responseHeaders": {
- "Access-Control-Allow-Origin": "*"
+ "Access-Control-Allow-Origin": "*",
+ "Content-Security-Policy": true
 }
 },
 {
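Review bot: `"Content-Security-Policy": true` on test.atom (hunk at -28) looks like a presence-only expectation, while the sibling `"Cache-Control": "max-age=3600"` pins an exact value. If `true` means "header present with any value" (the harness that interprets it is outside this diff), a response carrying an empty or fully permissive policy would still pass. Since the policy is a security guarantee, the fixture should pin it, e.g. `"Content-Security-Policy": "<EXPECTED_POLICY_PLACEHOLDER>"`, or at least the directives the server config is meant to enforce. The same applies to every other hunk in this patch: test.js, test.mjs, test.pdf, test.rdf, test.rss, the two Origin-request targets (-235, -244) and test.xml.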
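Review bot: The hunks at -129, -175 and -204 extend the expectation to test.js, test.mjs and test.pdf, which are not XML types, so the subject line under-describes what the fixture now asserts. A subject such as `Add Content-Security-Policy expectation for XML, JS/MJS and PDF targets` would keep these additions from later being read as accidental. In the -204 hunk test.pdf becomes an object whose only assertion is the CSP header, while `"test.swf"` and `"test.xpi"` in the surrounding context stay bare targets with no expectation either way. If the harness can express "header must be absent" (not visible here), asserting that for types the server config excludes would catch the policy landing on the wrong responses.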
@@ -244,7 +255,8 @@
 "Origin": "http://"
 },
 "responseHeaders": {
- "Access-Control-Allow-Origin": "*"
+ "Access-Control-Allow-Origin": "*",
+ "Content-Security-Policy": true
 }
 },
 "test.swf",
@@ -325,7 +337,8 @@
 {
 "target": "test.xml",
 "responseHeaders": {
- "Cache-Control": "max-age=0"
+ "Cache-Control": "max-age=0",
+ "Content-Security-Policy": true
 }
 },
 "test.xpi"