From bbbc1f452c37f0955d6a45523a3d940a75b25ff6 Mon Sep 17 00:00:00 2001
From: Timmy Willison <timmywil@users.noreply.github.com>
Date: Mon, 16 Dec 2024 11:38:27 -0500
Subject: [PATCH] All: switch to enforced CSP header

Ref https://github.com/jquery/infrastructure-puppet/issues/54
---
 themes/jquery/functions.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/themes/jquery/functions.php b/themes/jquery/functions.php
index b1f38ebd..c47e85fe 100755
--- a/themes/jquery/functions.php
+++ b/themes/jquery/functions.php
@@ -289,7 +289,7 @@ function jq_content_security_policy() {
 	}
 
 	header( 'Reporting-Endpoints: csp-endpoint="' . $report_url . '"' );
-	header( 'Content-Security-Policy-Report-Only: ' . $policy_string );
+	header( 'Content-Security-Policy: ' . $policy_string );
 }
 
 add_action( 'send_headers', 'jq_content_security_policy' );