mirror of
https://git.sr.ht/~emersion/gamja
synced 2024-12-01 20:06:57 -05:00
Add embedded Content-Security-Policy
Add a baseline CSP applicable to all gamja deployments. Resources can only be loaded from the current host, frames and objects are disallowed, and scripts are allowed to connect to any host (to allow cross-site WebSocket connections). If the server returns a different CSP via an HTTP header, the effective CSP will be the intersection.
parent
d8d2cbe0f7
commit
e29ccf7220
1 changed files with 1 additions and 0 deletions
|
@ -2,6 +2,7 @@
|
||||||
<html>
|
<html>
|
||||||
<head>
|
<head>
|
||||||
<meta charset="utf-8">
|
<meta charset="utf-8">
|
||||||
|
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; frame-src 'none'; object-src 'none'; connect-src *;">
|
||||||
<title>gamja IRC client</title>
|
<title>gamja IRC client</title>
|
||||||
<link rel="stylesheet" href="./style.css">
|
<link rel="stylesheet" href="./style.css">
|
||||||
<script type="module" src="./main.js"></script>
|
<script type="module" src="./main.js"></script>
|
||||||
|
|
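Review bot: The policy on the added `<meta http-equiv="Content-Security-Policy">` line leaves `base-uri` and `form-action` unrestricted, because neither directive falls back to `default-src`. Consider appending `base-uri 'self'; form-action 'self';` after checking that nothing in the client depends on a foreign base URL or form target. `connect-src *` is also much broader than the rest of the policy, so any script that does run can send data to any host. The commit message gives the reason (cross-site WebSocket connections), and a short HTML comment next to the tag would record that for deployers who can narrow it to their own server in an HTTP header. Also worth documenting: `frame-ancestors` is ignored when delivered through a `<meta>` element, so this policy restricts what the page may embed (`frame-src 'none'`) but not who may frame it; that still has to come from a response header.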