From f8ee173f8c1703727d276a6c7a9f6d80b5dbb5e2 Mon Sep 17 00:00:00 2001 From: Alan Pearce Date: Tue, 5 Sep 2023 21:11:11 +0200 Subject: Add content-security-policy headers --- Caddyfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Caddyfile b/Caddyfile index d0ede2a..f06dbce 100644 --- a/Caddyfile +++ b/Caddyfile @@ -30,6 +30,7 @@ http://aln.pe { Cache-Control max-age=86400 X-Content-Type-Options nosniff Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" + Content-Security-Policy "default-src 'none'; img-src 'self'; object-src 'none'; script-src 'none'; style-src 'unsafe-inline'; frame-ancestors 'none'" } redir /pronouns https://en.pronouns.page/@alanpearce @@ -49,6 +50,7 @@ http://alanpearce.eu { Cache-Control max-age=14400 X-Content-Type-Options nosniff Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" + Content-Security-Policy "default-src 'none'; img-src 'self'; object-src 'none'; script-src 'none'; style-src 'unsafe-inline'; frame-ancestors 'none'" } handle_errors { @404 expression `{err.status_code} == 404` -- cgit 1.4.1