CSP on photos.afpy.org

2023-03-05 16:53:55 +01:00 · 2023-03-05 16:53:55 +01:00 · d4c74a252c
parent 4163e91032
commit d4c74a252c
1 changed files with 2 additions and 0 deletions
--- a/afpy.org.yml
+++ b/afpy.org.yml
@ -273,6 +273,8 @@
          {
              listen [::]:443 ssl http2; listen 443 ssl http2;
              server_name photos.afpy.org;
+              add_header Content-Security-Policy "default-src 'none'; img-src 'self'; style-src 'self'; script-src 'self'; frame-ancestors 'self'";
+              add_header X-Content-Type-Options "nosniff";
              include snippets/letsencrypt-photos.afpy.org.conf;
              root /var/www/photos.afpy.org/;
          }