all repos — homestead @ f4f798ee590e6950e68cac26757a7f64a66b579e

Code for my website

Add content-security-policy headers

Alan Pearce
commit

f4f798ee590e6950e68cac26757a7f64a66b579e

parent

3254773978daf5dd2fc2f106749e3ddf9ee2cd90

1 file changed, 2 insertions(+), 0 deletions(-)

jump to
M CaddyfileCaddyfile
@@ -30,6 +30,7 @@ header {
 		Cache-Control max-age=86400
 		X-Content-Type-Options nosniff
 		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+		Content-Security-Policy "default-src 'none'; img-src 'self'; object-src 'none'; script-src 'none'; style-src 'unsafe-inline'; frame-ancestors 'none'"
 	}
 
 	redir /pronouns https://en.pronouns.page/@alanpearce

@@ -49,6 +50,7 @@ header {
 		Cache-Control max-age=14400
 		X-Content-Type-Options nosniff
 		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+		Content-Security-Policy "default-src 'none'; img-src 'self'; object-src 'none'; script-src 'none'; style-src 'unsafe-inline'; frame-ancestors 'none'"
 	}
 	handle_errors {
 		@404 expression `{err.status_code} == 404`