Harder CSP.

2023-01-23 14:00:05 +01:00 · 2023-01-23 14:00:05 +01:00 · cc68d83beb
parent fe8291db81
commit cc68d83beb
1 changed files with 1 additions and 1 deletions
--- a/mdk.fr.yml
+++ b/mdk.fr.yml
@ -57,7 +57,7 @@
              charset utf-8;
              server_name mdk.fr;
              include snippets/letsencrypt-mdk.fr.conf;
-              add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;";
+              add_header Content-Security-Policy "default-src 'none'; font-src 'self'; script-src 'self'; style-src 'self'; img-src 'self'";
              add_header X-Frame-Options "DENY";

              location /noindex/ {