From 525e0ebadb36d4641e111e2c04e20bb08724db97 Mon Sep 17 00:00:00 2001 From: JockLee <5155291+webees@users.noreply.github.com> Date: Fri, 15 Nov 2024 20:17:09 +0800 Subject: [PATCH] Content-Security-Policy --- config/Caddyfile | 1 + 1 file changed, 1 insertion(+) diff --git a/config/Caddyfile b/config/Caddyfile index 8810129..a0e3a25 100644 --- a/config/Caddyfile +++ b/config/Caddyfile @@ -15,6 +15,7 @@ encode zstd gzip header / { + Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https://*.xvx.cc; frame-ancestors 'self'" # Enable HTTP Strict Transport Security (HSTS) Strict-Transport-Security "max-age=31536000;" # Enable cross-site filter (XSS) and tell browser to block detected attacks
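Review bot: The added `Content-Security-Policy` line puts `'unsafe-inline'` and `'unsafe-eval'` in `default-src`, and because no `script-src` is given, scripts inherit both keywords, so the policy does little to restrict injected script. I would scope the relaxations to the directives that need them and close the common gaps, for example `Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://*.xvx.cc; object-src 'none'; base-uri 'self'; frame-ancestors 'self'"`. If the application still depends on inline or eval'd script, serving the stricter policy as `Content-Security-Policy-Report-Only` first would show what breaks before it is enforced. Separately, the enclosing `header / {` matcher may apply only to the exact path `/` if this is Caddy v2, in which case the new header would not reach other pages; this should be confirmed against the Caddy version in use. The `header` block continues past the end of the hunk, so the remaining headers are not visible here.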