From 1863364ef76294f3e554ad4c4dc3f4dc952ad4ff Mon Sep 17 00:00:00 2001
From: Julian Prieber <julian.prieber@llc.ovh>
Date: Fri, 20 Jan 2023 13:25:18 +0100
Subject: [PATCH] Update lang.blade.php

---
 resources/views/layouts/lang.blade.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/resources/views/layouts/lang.blade.php b/resources/views/layouts/lang.blade.php
index 82adebd..fc44941 100644
--- a/resources/views/layouts/lang.blade.php
+++ b/resources/views/layouts/lang.blade.php
@@ -1,4 +1,4 @@
-@if(env('FORCE_HTTPS') == 'true')<?php URL::forceScheme('https');  ?>@endif
+@if(env('FORCE_HTTPS') == 'true')<?php URL::forceScheme('https'); header("Content-Security-Policy: upgrade-insecure-requests"); ?>@endif
 @if(env('CUSTOM_META_TAGS') == 'true' and config('advanced-config.lang') != '')
 <html lang="{{ config('advanced-config.lang') }}">
 @else
@@ -8,7 +8,6 @@
 {{-- Redirects to https if enabled in the advanced-config --}}
 @if(env('FORCE_ROUTE_HTTPS') == 'true')
 @php
-header("Content-Security-Policy: upgrade-insecure-requests");
 if (! isset($_SERVER['HTTPS']) or $_SERVER['HTTPS'] == 'off' ) {
     $redirect_url = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
     header("Location: $redirect_url");