From 235a6f2abe9370b346e405f26ec4c23c3741c056 Mon Sep 17 00:00:00 2001
From: Dessalines <tyhou13@gmx.com>
Date: Mon, 23 Nov 2020 11:41:57 -0600
Subject: [PATCH] Adding a content security policy. Fixes #20

---
 src/server/index.tsx | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/server/index.tsx b/src/server/index.tsx
index 5222a86..35d02c1 100644
--- a/src/server/index.tsx
+++ b/src/server/index.tsx
@@ -101,6 +101,9 @@ server.get('/*', async (req, res) => {
            <meta charset="utf-8">
            <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
 
+           <!-- Content Security Policy -->
+           <meta http-equiv="Content-Security-Policy" content="default-src 'none'; connect-src 'self'; frame-src *; img-src *; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'">
+
            <!-- Web app manifest -->
            <link rel="manifest" href="/static/assets/manifest.webmanifest">
 
-- 
2.44.1