2
I am a part time Apache administrator (not by choice). We have an animated gif hit counter. I want to add a CSP to disable active content, but include a CORS policy to allow the gif for the hit counter.
I found an example of adding the CORS policy to .htaccess
, but its not the httpd.conf
file. How do I take the following .htaccess
:
<IfModule mod_setenvif.c>
<IfModule mod_headers.c>
<FilesMatch "\.(bmp|cur|gif|ico|jpe?g|png|svgz?|webp)$">
SetEnvIf Origin ":" IS_CORS
Header set Access-Control-Allow-Origin "*" env=IS_CORS
</FilesMatch>
</IfModule>
</IfModule>
And add it to .httpd.conf
?