From 1edf533277b3b6c830ee7dcafea3affe7e5ca020 Mon Sep 17 00:00:00 2001
From: Ben Harris <bjh21@bjh21.me.uk>
Date: Sun, 5 Oct 2025 10:08:46 +0100
Subject: [PATCH] Set a content security policy in .htaccess

My Web site disables JavaScript by default, so we need to override
that if the Web editor is going to work.
---
 .htaccess | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.htaccess b/.htaccess
index fa1c09f..c1bbf55 100644
--- a/.htaccess
+++ b/.htaccess
@@ -6,3 +6,4 @@ AddType font/otf;outlines=CFF .otf
 </FilesMatch>
 AddOutputFilterByType DEFLATE application/xhtml+xml text/css font/otf \
  text/plain text/x-csrc application/postscript
+Header set Content-Security-Policy "object-src 'none';"
-- 
2.30.2