path: root/src/admin/mod.rs
author Vika <vika@fireburn.ru> 2025-01-02 07:07:14 +0300
committer Vika <vika@fireburn.ru> 2025-01-02 07:07:14 +0300
commit f358d8f819c4177a9d716d7e33603e644a9a0c99 (patch)
tree 96e6cd24af29d007c531bc1d7c29135bfcd13533 /src/admin/mod.rs
parent 78f8de236b7ab9755f0212a740d341a2518968da (diff)
download kittybox-f358d8f819c4177a9d716d7e33603e644a9a0c99.tar.zst
Set a minimal CSP
 - Styles and scripts can now only be loaded from Kittybox
   (hint: use the media endpoint if you wish to upload custom CSS)
 - Inline scripts are now completely prohibited
   (this means it's safe to show arbitrary HTML from Webmentions)
 - `<base>` element is prohibited (who uses that anyway?)
 - Loading anything else is only allowed via HTTPS

Change-Id: I285a18b71dd9860416b18dd0e88f8fe7c8511e0b
Diffstat (limited to 'src/admin/mod.rs')
0 files changed, 0 insertions, 0 deletions
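
The four points of the commit message can be checked mechanically against a `Content-Security-Policy` header value. The following is an added example, not Kittybox's own code: `ASSUMED_POLICY` is one header value that would satisfy the description (the string the commit actually sets is not shown on this page), `parse_csp` and `audit` are hypothetical names, and `'self'` is taken to mean the Kittybox origin.

```rust
use std::collections::BTreeMap;

// Assumed value matching the commit message; the commit's real string is not on this page.
const ASSUMED_POLICY: &str =
    "default-src https:; script-src 'self'; style-src 'self'; base-uri 'none'";

/// Parse a CSP value into directive -> sources (lowercased, for auditing only).
fn parse_csp(policy: &str) -> BTreeMap<String, Vec<String>> {
    let mut out = BTreeMap::new();
    for part in policy.split(';') {
        let mut toks = part.split_ascii_whitespace().map(|t| t.to_ascii_lowercase());
        if let Some(name) = toks.next() {
            // Browsers honour the first occurrence of a directive and ignore repeats.
            out.entry(name).or_insert_with(|| toks.collect::<Vec<String>>());
        }
    }
    out
}

/// Audit a policy against the commit message's four points; returns findings.
fn audit(policy: &str) -> Vec<String> {
    let csp = parse_csp(policy);
    let mut findings = Vec::new();
    let default = csp.get("default-src");
    if default.is_none() { findings.push("default-src: missing".to_string()); }
    // Every fetch directive present, plus script-src/style-src via their fallback.
    let mut checks: Vec<(&str, &Vec<String>)> =
        csp.iter().filter(|(d, _)| d.contains("-src")).map(|(d, s)| (d.as_str(), s)).collect();
    for dir in ["script-src", "style-src"] {
        if !csp.contains_key(dir) { checks.extend(default.map(|s| (dir, s))); }
    }
    for (dir, srcs) in checks {
        // Scripts and styles: own origin only, which also rules out 'unsafe-inline'.
        let strict = dir.starts_with("script-src") || dir.starts_with("style-src");
        for s in srcs.iter().map(String::as_str) {
            // Everything else: HTTPS only ('self' assumes the site is served over HTTPS).
            let https = !strict && (s == "https:" || s.starts_with("https://"));
            if !(https || matches!(s, "'self'" | "'none'")) {
                findings.push(format!("{dir}: allows {s}"));
            }
        }
    }
    // base-uri never falls back to default-src, so it must be set explicitly.
    if csp.get("base-uri").map_or(true, |v| v.len() != 1 || v[0] != "'none'") {
        findings.push("base-uri: <base> is not prohibited".to_string());
    }
    findings
}

fn main() { println!("{:?}", audit(ASSUMED_POLICY)); }
```

A policy consisting only of `default-src https:` fails the audit because `script-src` and `style-src` inherit the broad `https:` source, while `base-uri` inherits nothing at all.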