all repos — website @ f8ee173f8c1703727d276a6c7a9f6d80b5dbb5e2

My website

Add content-security-policy headers
Alan Pearce alan@alanpearce.eu
Tue, 05 Sep 2023 21:11:11 +0200
commit

f8ee173f8c1703727d276a6c7a9f6d80b5dbb5e2

parent

3e93a2c34c676bcebd943e049f16d32bbac0a1bd

1 files changed, 2 insertions(+), 0 deletions(-)

jump to
M CaddyfileCaddyfile
@@ -30,6 +30,7 @@ header { 		Cache-Control max-age=86400
 		X-Content-Type-Options nosniff
 		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+		Content-Security-Policy "default-src 'none'; img-src 'self'; object-src 'none'; script-src 'none'; style-src 'unsafe-inline'; frame-ancestors 'none'"
 	}
 
 	redir /pronouns https://en.pronouns.page/@alanpearce
@@ -49,6 +50,7 @@ header { 		Cache-Control max-age=14400
 		X-Content-Type-Options nosniff
 		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+		Content-Security-Policy "default-src 'none'; img-src 'self'; object-src 'none'; script-src 'none'; style-src 'unsafe-inline'; frame-ancestors 'none'"
 	}
 	handle_errors {
 		@404 expression `{err.status_code} == 404`