arya/mozhi
1
0
Fork 0
mirror of https://codeberg.org/aryak/mozhi synced 2024-09-19 21:35:33 +05:30
Code Issues Actions Packages Projects Releases Wiki Activity

unsafe-inline for scripts as well
All checks were successful
mozhi pipeline / Push Docker image to Codeberg docker registry (push) Successful in 8m7s
Details
mozhi pipeline / Build and publish artifacts (push) Successful in 14m7s
Details

Browse Source
This commit is contained in:
Arya 2023-09-21 23:42:28 +05:30
parent 9e832e517f
commit 1fb9df08ab
Signed by: arya
GPG Key ID: 842D12BDA50DF120
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
serve/serve.go
View File

@ -78,7 +78,7 @@ func Serve(port string) {
c.Set("X-XSS-Protection", "1; mode=block")
c.Set("X-Content-Type-Options", "nosniff")
c.Set("Referrer-Policy", "no-referrer")
c.Set("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; script-src 'self'; frame-ancestors 'self'; form-action 'self'; base-uri 'self'; connect-src 'self';")
c.Set("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; script-src 'self' 'unsafe-inline'; frame-ancestors 'self'; form-action 'self'; base-uri 'self'; connect-src 'self';")
c.Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload")
return c.Next()
})