From 235a6f2abe9370b346e405f26ec4c23c3741c056 Mon Sep 17 00:00:00 2001 From: Dessalines <tyhou13@gmx.com> Date: Mon, 23 Nov 2020 11:41:57 -0600 Subject: [PATCH] Adding a content security policy. Fixes #20 --- src/server/index.tsx | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/server/index.tsx b/src/server/index.tsx index 5222a86..35d02c1 100644 --- a/src/server/index.tsx +++ b/src/server/index.tsx @@ -101,6 +101,9 @@ server.get('/*', async (req, res) => { <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> + <!-- Content Security Policy --> + <meta http-equiv="Content-Security-Policy" content="default-src 'none'; connect-src 'self'; frame-src *; img-src *; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'"> + <!-- Web app manifest --> <link rel="manifest" href="/static/assets/manifest.webmanifest"> -- 2.44.1