Adding a content security policy. Fixes #20
authorDessalines <tyhou13@gmx.com>
Mon, 23 Nov 2020 17:41:57 +0000 (11:41 -0600)
committerDessalines <tyhou13@gmx.com>
Mon, 23 Nov 2020 17:41:57 +0000 (11:41 -0600)
src/server/index.tsx

index 5222a86a3deb2e9f179a5bb261c5d63c1a510b02..35d02c16515636959d4ed1699b60ea10915ef5f0 100644 (file)
@@ -101,6 +101,9 @@ server.get('/*', async (req, res) => {
            <meta charset="utf-8">
            <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
 
+           <!-- Content Security Policy -->
+           <meta http-equiv="Content-Security-Policy" content="default-src 'none'; connect-src 'self'; frame-src *; img-src *; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'">
+
            <!-- Web app manifest -->
            <link rel="manifest" href="/static/assets/manifest.webmanifest">
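Review bot: The added meta tag sets `script-src 'self' 'unsafe-inline'`, which still lets any injected inline script run, so the policy does little against XSS in user-supplied content. A per-response nonce (`script-src 'self' 'nonce-<per-request value>'`) would cover whatever inline script the page itself needs without allowing arbitrary ones. With `default-src 'none'` and no `manifest-src`, the manifest link on the context lines just below is likely to be blocked, so `manifest-src 'self'` should be added; fonts or media would need their own directives if the app loads any. `base-uri` and `form-action` do not fall back to `default-src` and need to be listed explicitly, e.g. `base-uri 'self'; form-action 'self'`. A policy delivered through `<meta>` cannot carry `frame-ancestors` or reporting directives, so sending it as a response header from this handler (`res.setHeader('Content-Security-Policy', ...)`) would be the stronger option; the handler's body starts and ends outside the hunk.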