Add Content-Security-Policy header

author: Frédéric Guillot <fred@miniflux.net> 2017-11-25 18:21:02 -0800
committer: Frédéric Guillot <fred@miniflux.net> 2017-11-25 18:21:02 -0800
commit: 4560af165e7fa25dddd46f49ad4a0d9f3149336c (patch)
tree: 7c6df01ab27790449f991d247df7057b0b387b0f /server/core/response.go
parent: bd663b43a0b2d26936ba8a6172090b845a17550c (diff)
download: v2-4560af165e7fa25dddd46f49ad4a0d9f3149336c.tar.gz
v2-4560af165e7fa25dddd46f49ad4a0d9f3149336c.tar.zst
v2-4560af165e7fa25dddd46f49ad4a0d9f3149336c.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/server/core/response.go b/server/core/response.go
index 3bce9d91..4aef8af0 100644
--- a/server/core/response.go
+++ b/server/core/response.go
@@ -69,6 +69,7 @@ func (r *Response) commonHeaders() {
 	r.writer.Header().Set("X-XSS-Protection", "1; mode=block")
 	r.writer.Header().Set("X-Content-Type-Options", "nosniff")
 	r.writer.Header().Set("X-Frame-Options", "DENY")
+	r.writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src *; media-src *; frame-src *")
 }
 
 // NewResponse returns a new Response.
author	Frédéric Guillot <fred@miniflux.net>	2017-11-25 18:21:02 -0800
committer	Frédéric Guillot <fred@miniflux.net>	2017-11-25 18:21:02 -0800
commit	4560af165e7fa25dddd46f49ad4a0d9f3149336c (patch)
tree	7c6df01ab27790449f991d247df7057b0b387b0f /server/core/response.go
parent	bd663b43a0b2d26936ba8a6172090b845a17550c (diff)
download	v2-4560af165e7fa25dddd46f49ad4a0d9f3149336c.tar.gz v2-4560af165e7fa25dddd46f49ad4a0d9f3149336c.tar.zst v2-4560af165e7fa25dddd46f49ad4a0d9f3149336c.zip