From b53769462bf830f860b7d741a3d0801afdbc9aa2 Mon Sep 17 00:00:00 2001
From: Alan Pearce
Date: Thu, 30 May 2024 14:01:35 +0200
Subject: feat: make security headers stricter

---
 internal/config/config.go | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'internal/config/config.go')

diff --git a/internal/config/config.go b/internal/config/config.go
index 81c5f3c..c8739f0 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -117,6 +117,11 @@ func GetConfig(filename string) (*Config, error) {
 		}
 	}
 
+	config.Web.ContentSecurityPolicy.ScriptSrc = append(
+		config.Web.ContentSecurityPolicy.ScriptSrc,
+		config.Web.BaseURL.JoinPath("/static/").String(),
+	)
+
 	maps.DeleteFunc(config.Importer.Sources, func(_ string, v *Source) bool {
 		return !v.Enable
 	})
-- 
cgit 1.4.1