From 0daf51953ae0111815f45a95e2196bea77610fe4 Mon Sep 17 00:00:00 2001
From: Julien Palard
Date: Fri, 2 Feb 2024 09:04:55 +0100
Subject: [PATCH] CSPs
---
roles/gitea/tasks/setup.yml | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/roles/gitea/tasks/setup.yml b/roles/gitea/tasks/setup.yml
index 8f4bffd..c140102 100644
--- a/roles/gitea/tasks/setup.yml
+++ b/roles/gitea/tasks/setup.yml
@@ -130,6 +130,10 @@ include snippets/letsencrypt-git.afpy.org.conf; client_max_body_size 16M;
+ add_header Content-Security-Policy-Report-Only "default-src 'self'; connect-src 'self'; font-src 'self' data:; form-action 'self'; img-src 'self' https: data:; manifest-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; worker-src 'self'";
+ # See add_header Content-Security-Policy-Report-Only "
+ add_header X-Content-Type-Options "nosniff";
+ # location /_/static/assets/ { # alias /var/lib/gitea-static/public/; # }
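Review bot: Both new `add_header` lines omit `always`, so nginx attaches them only to a fixed list of success and redirect status codes and error responses go out without `nosniff`; `add_header X-Content-Type-Options "nosniff" always;` covers those too. nginx also stops inheriting these headers in any `location` that declares its own `add_header`, and the surrounding server block continues outside this hunk, so that is worth checking against the rest of the template. The Report-Only policy names no `report-uri` or `report-to` endpoint, so violations surface only in each visitor's browser console; a comment above it such as `# Report-Only while tuning; collect violations before switching to an enforcing header` would record the intent. Before it is enforced, note that `script-src` with `'unsafe-inline'` and `'unsafe-eval'` leaves little protection against injected script, and `object-src 'none'` is probably workable here and tighter than `'self'`.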