From: Ben Harris
Date: Sun, 12 Oct 2025 12:53:45 +0000 (+0100)
Subject: More restrictive content security policy for Web site
X-Git-Tag: bedstead-3.261~36
X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~bjharris/git?a=commitdiff_plain;h=4c3abb66bef6a3523ebeda0f18ce78c10e1b555f;p=bedstead.git

More restrictive content security policy for Web site
---
diff --git a/.htaccess b/.htaccess
index c1bbf55..3200afd 100644
--- a/.htaccess
+++ b/.htaccess
@@ -6,4 +6,7 @@ AddType font/otf;outlines=CFF .otf
 AddOutputFilterByType DEFLATE application/xhtml+xml text/css font/otf \
 text/plain text/x-csrc application/postscript
-Header set Content-Security-Policy "object-src 'none';"
+Header set Content-Security-Policy "form-action 'none';\
+ default-src 'none'; connect-src 'self'; font-src 'self'; img-src 'self';\
+ script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval';\
+ style-src 'self' 'unsafe-inline'"
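Review bot: `script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval'` in the new header still allows any inline `<script>` element or event-handler attribute to run, so the policy narrows where resources may load from but gives little protection against script injection. If the site's inline scripts can move into files served from `'self'`, or be allowed by hash (placeholder: `'sha256-<HASH_OF_INLINE_SCRIPT>'`), `'unsafe-inline'` can be dropped from `script-src`. The pages are not visible in this diff, so whether that is practical needs checking. Separately, `base-uri` and `frame-ancestors` do not fall back to `default-src 'none'`, so the value should also carry `base-uri 'none'; frame-ancestors 'self';` (or `'none'` if the site is never framed). A `#` comment above the directive naming the page that needs inline script and WebAssembly would keep those exceptions from outliving their reason.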