chipmunkmc/gamja
1
0
Fork 0
mirror of https://codeberg.org/emersion/gamja.git synced 2024-11-14 19:05:01 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add embedded Content-Security-Policy

Browse source 
Add a baseline CSP applicable to all gamja deployments. Resources
can only be loaded from the current host, frames and objects are
disallowed, and scripts are allowed to connect to any host (to allow
cross-site WebSocket connections).

If the server returns a different CSP via an HTTP header, the
effective CSP will be the intersection.
This commit is contained in:
Simon Ser 2021-11-27 12:35:02 +01:00
parent d8d2cbe0f7
commit e29ccf7220
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
index.html
View file

@ -2,6 +2,7 @@
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; frame-src 'none'; object-src 'none'; connect-src *;">
<title>gamja IRC client</title>
<link rel="stylesheet" href="./style.css">
<script type="module" src="./main.js"></script>