Improve CSP setup

Alan Pearce alan@alanpearce.eu

Mon, 11 Sep 2023 17:56:22 +0200

commit

c936c99fad7e090a3caaaa6bdd5fbaf38d39abba

parent

ad65cd42eb600a4c9ae2cd2a27b28d3d6a50088f

2 files changed, 2 insertions(+), 1 deletions(-)

jump to

Caddyfile
config.toml

M Caddyfile → Caddyfile

@@ -55,7 +55,7 @@ header { 		Cache-Control max-age=14400
 		X-Content-Type-Options nosniff
 		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
-		Content-Security-Policy "default-src 'none'; img-src 'self'; object-src 'none'; script-src 'none'; style-src 'unsafe-inline'"
+		Content-Security-Policy "default-src 'none'; img-src 'self'; object-src 'none'; script-src 'none'; style-src 'unsafe-inline'; form-action 'none'; base-uri 'self'"
 	}
 	handle_errors {
 		@404 expression `{err.status_code} == 404`

M config.toml → config.toml

@@ -23,6 +23,7 @@ author_name = "Alan Pearce" author_image = "/img/me-thumb.jpg"
 hide_made_with_line = true
 date_format = "%F"
+webserver_sends_csp_headers = true
 
 [[extra.main_menu]]
     name = "Posts"

all repos — website @ c936c99fad7e090a3caaaa6bdd5fbaf38d39abba

My website