Move content security policy header to Response from htaccess

docker-compose.yml

@@ -31,4 +31,5 @@ services:
       - "8081:80"
     environment:
       PMA_HOST: db
-      MYSQL_ROOT_PASSWORD: ${PROJECT_DB_ROOT_PASSWORD}
+      MYSQL_ROOT_PASSWORD: ${PROJECT_DB_ROOT_PASSWORD}
+      UPLOAD_LIMIT: 300M

src/php/.htaccess

@@ -1,6 +1,3 @@
-# To resolve the issue with "Your connection to this site is not secure" message
-Header set Content-Security-Policy: upgrade-insecure-requests env=HTTPS 
-
 RewriteEngine On    # Turn on the rewriting engine
 
 RewriteRule    ^view/([0-9]+)/([0-9]+)/?$    router.php?view=word&dict=$1&word=$2    [NC,L]    # Handle word ids.

src/php/api/Response.php

@@ -3,9 +3,13 @@ class Response {
   private static function defaultHeaders () {
     header('Access-Control-Allow-Origin: *');
     header('Expires: Sun, 01 Nov 2015 22:46:51 GMT');
-    header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
-    header("Cache-Control: post-check=0, pre-check=0", false);
-    header("Pragma: no-cache");
+    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
+    header('Cache-Control: post-check=0, pre-check=0', false);
+    header('Pragma: no-cache');
+    if (strpos($_SERVER['SERVER_NAME'], 'localhost') !== false) {
+      # To resolve the issue with "Your connection to this site is not secure" message
+      header('Content-Security-Policy: upgrade-insecure-requests env=HTTPS');
+    }
   }
   
   public static function json ($data, $http_code = 200) {