From 64e6ce3660853783e839f669aafeeacbe94f7571 Mon Sep 17 00:00:00 2001
From: Quentin Aristote <quentin@aristote.fr>
Date: Thu, 23 Feb 2023 19:16:25 +0100
Subject: web: quentin: add CSP

---
 config/services/web/quentin/default.nix | 1 +
 1 file changed, 1 insertion(+)

(limited to 'config/services')

diff --git a/config/services/web/quentin/default.nix b/config/services/web/quentin/default.nix
index 4a908f5..66628a9 100644
--- a/config/services/web/quentin/default.nix
+++ b/config/services/web/quentin/default.nix
@@ -8,6 +8,7 @@
     enableACME = true;
     extraConfig = ''
       add_header Cache-Control no-cache;
+      add_header Content-Security-Policy "default-src 'none'; form-action 'none'; frame-ancestors 'none'; font-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline';";
     '';
   };
 
-- 
cgit v1.2.3