commit - ddf2e5c25df6ac585a7908b50cc996d14f90eb2f
commit + 0b75e088e5e7799559ddc81934e9d06c29f10c5b
blob - 13925bb911f89a70f4befccba6360461bd6c44db
blob + 57eaf45343e11c31c878875724b102dbbf4aa774
--- gotwebd/gotweb.c
+++ gotwebd/gotweb.c
const struct got_error *
gotweb_render_content_type(struct request *c, const uint8_t *type)
{
- fcgi_printf(c, "Content-Type: %s\r\n\r\n", type);
+ const char *csp = "default-src 'self'; script-src 'none'; "
+ "object-src 'none';";
+
+ fcgi_printf(c,
+ "Content-Security-Policy: %s\r\n"
+ "Content-Type: %s\r\n\r\n",
+ csp, type);
return NULL;
}
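Review bot: The policy string assigned to `csp` leaves out directives that do not fall back to `default-src`: `base-uri`, `form-action` and `frame-ancestors` stay unrestricted, so an injected `<base>` tag or framing by another origin is not covered by this header. Consider extending the second literal to `"object-src 'none'; base-uri 'none'; form-action 'self'; frame-ancestors 'none';"`, after confirming that no gotwebd page relies on being framed or on submitting forms to another origin. The header is only sent from gotweb_render_content_type(), so any other response path outside this hunk that writes its own `Content-Type` would not carry the policy. `type` is still formatted into the header block with `%s`, so it presumably has to come from a fixed set of values containing no CR/LF; the callers are not visible here to confirm that.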