# SSM Transport - Apache Config

# Override Content-Security-Policy to allow CDN resources
<IfModule mod_headers.c>
    Header always unset Content-Security-Policy
    Header always set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net; img-src 'self' data: blob:; connect-src 'self' https://cdn.jsdelivr.net; frame-ancestors 'none';"
</IfModule>

# PHP settings
<IfModule mod_php.c>
    php_flag display_errors off
</IfModule>

# Disable directory listing
Options -Indexes

# Protect config file
<Files "config.php">
    Order deny,allow
    Deny from all
</Files>
