From: Ben Harris <bjh21@bjh21.me.uk>
Date: Sun, 5 Oct 2025 09:08:46 +0000 (+0100)
Subject: Set a content security policy in .htaccess
X-Git-Tag: bedstead-3.261~48
X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~bjharris/git?a=commitdiff_plain;h=1edf533277b3b6c830ee7dcafea3affe7e5ca020;p=bedstead.git

Set a content security policy in .htaccess

My Web site disables JavaScript by default, so we need to override
that if the Web editor is going to work.
---

diff --git a/.htaccess b/.htaccess
index fa1c09f..c1bbf55 100644
--- a/.htaccess
+++ b/.htaccess
@@ -6,3 +6,4 @@ AddType font/otf;outlines=CFF .otf
 </FilesMatch>
 AddOutputFilterByType DEFLATE application/xhtml+xml text/css font/otf \
  text/plain text/x-csrc application/postscript
+Header set Content-Security-Policy "object-src 'none';"