Update CSP

2020-04-15 19:40:04 +02:00 · 2020-04-15 19:40:04 +02:00 · 88b1f69da3
parent 8f9bfe3caa
commit 88b1f69da3
1 changed files with 2 additions and 1 deletions
--- a/layouts/index.headers
+++ b/layouts/index.headers
@ -2,7 +2,8 @@
  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
  X-Content-Type-Options: nosniff
  X-XSS-Protection: 1; mode=block
+  Content-Security-Policy: default-src 'self'; img-src 'self' data:; object-src 'none'
  X-Frame-Options: SAMEORIGIN
  Referrer-Policy: strict-origin
  Feature-Policy: geolocation 'self'
-  Cache-Control: public, max-age=31536000
+  Cache-Control: public, max-age=31536000