commit - f897bb2469da024a8db3b1fae10d24ac7cf040e1
commit + 4d648b92ac1ac5f952a42f29052c56e8d32547a3
blob - e1cfdd3906bda91a9adc685b20feaf8b9b3adbd0
blob + 072126ddb17614b1c833d48856c433c128ab891c
--- gotwebd/gotweb.c
+++ gotwebd/gotweb.c
const struct got_error *
gotweb_render_content_type(struct request *c, const uint8_t *type)
{
- fcgi_printf(c, "Content-Type: %s\r\n\r\n", type);
+ const char *csp = "default-src 'self'; script-src 'none'; "
+ "object-src 'none';";
+
+ fcgi_printf(c,
+ "Content-Security-Policy: %s\r\n"
+ "Content-Type: %s\r\n\r\n",
+ csp, type);
return NULL;
}
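Review bot: The policy assigned to `csp` omits the directives that do not fall back to `default-src`, namely `base-uri`, `form-action` and `frame-ancestors`. Responses sent through gotweb_render_content_type() can therefore still be framed by another origin, and an injected `<base>` element is not constrained. I would extend the literal to `"default-src 'self'; script-src 'none'; object-src 'none'; base-uri 'none'; frame-ancestors 'none';"`, after confirming that no deployment relies on embedding gotwebd pages in a frame. A one-line comment above `csp`, such as `/* no scripts or plugins are served, so forbid them even from 'self' */`, would record the intent, assuming that is indeed the reason for `script-src 'none'`. The header is also added only in this helper, so any response path that writes its own headers elsewhere in the file (none are visible in this hunk) would not carry the policy.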