From d19fac15feba3212c5834431795e6f2616b0d510 Mon Sep 17 00:00:00 2001
From: "tristan.champomier" <rooty@rooty.me>
Date: Sun, 11 Apr 2021 02:23:25 +0200
Subject: [PATCH] Added Content-Security-Policy headers securization

---
 .htaccess | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.htaccess b/.htaccess
index 6ccfe83..3d9cbcd 100755
--- a/.htaccess
+++ b/.htaccess
@@ -33,6 +33,9 @@ Options -Indexes
 		
 		Header onsuccess unset Permissions-Policy
 		Header always set Permissions-Policy "geolocation=(self);midi=(self);microphone=(self);camera=(self);fullscreen=(self);payment=()"
+		
+		Header onsuccess unset Content-Security-Policy
+		Header always set Content-Security-Policy: default-src 'none'; script-src 'self'
 
 		SetEnv modHeadersAvailable true
 	</IfModule>