Harden default CSP

Change-Id: I31362b3ec779a1eaea54c0d9567daa5de0ae0fc0
author: Vika <vika@fireburn.ru> 2025-01-02 14:50:34 +0300
committer: Vika <vika@fireburn.ru> 2025-01-02 14:50:34 +0300
commit: bbfca3190f3c3cac5eefd74ed30d0c4b14f08f0c (patch)
tree: ff2983d59070b34d61719c18196c361db1427fa3 /src/lib.rs
parent: ac1defca9d81849f1a61d6cc7476f99939a4aa7c (diff)
download: kittybox-bbfca3190f3c3cac5eefd74ed30d0c4b14f08f0c.tar.zst
1 files changed, 1 insertions, 1 deletions
diff --git a/src/lib.rs b/src/lib.rs
index 3fb6845..6d8e784 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -311,7 +311,7 @@ St: Clone + Send + Sync + 'static
         .layer(tower_http::set_header::SetResponseHeaderLayer::appending(
             axum::http::header::CONTENT_SECURITY_POLICY,
             axum::http::HeaderValue::from_static(
-                "default-src https:; img-src https:; script-src 'self'; style-src 'self'; script-src-attr 'none'; base-uri 'none'"
+                "default-src 'self'; img-src https:; script-src 'self'; style-src 'self'; base-uri 'none'; object-src 'none'"
             )
         ))
 }
author	Vika <vika@fireburn.ru>	2025-01-02 14:50:34 +0300
committer	Vika <vika@fireburn.ru>	2025-01-02 14:50:34 +0300
commit	bbfca3190f3c3cac5eefd74ed30d0c4b14f08f0c (patch)
tree	ff2983d59070b34d61719c18196c361db1427fa3 /src/lib.rs
parent	ac1defca9d81849f1a61d6cc7476f99939a4aa7c (diff)
download	kittybox-bbfca3190f3c3cac5eefd74ed30d0c4b14f08f0c.tar.zst