From ba183ce6543f102ae635502a0da0ac7c923cc97a Mon Sep 17 00:00:00 2001
From: Literallie
Date: Wed, 18 Oct 2017 17:10:23 +0200
Subject: Add basic CSP support

---
 lib/config/default.js | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'lib/config')

diff --git a/lib/config/default.js b/lib/config/default.js
index f4c45e3d..e207dfc6 100644
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -13,6 +13,16 @@ module.exports = {
     includeSubdomains: true,
     preload: true
   },
+  csp: {
+    enable: true,
+    reportUri: '',
+    directives: {
+      defaultSrc: ["'self'"],
+      scriptSrc: ["'self'"],
+      styleSrc: ["'self'", "'unsafe-inline'"],
+      fontSrc: ["'self'"]
+    }
+  },
   protocolusessl: false,
   usecdn: true,
   allowanonymous: true,
-- 
cgit v1.2.3