From 4ecda4d4e0a4d939de808df1cde97f906dc737a4 Mon Sep 17 00:00:00 2001
From: James Cole
Date: Wed, 7 Apr 2021 20:47:40 +0200
Subject: [PATCH] Add some special headers.
---
 app/Http/Middleware/SecureHeaders.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/app/Http/Middleware/SecureHeaders.php b/app/Http/Middleware/SecureHeaders.php
index 82bf301873..b26eb4900a 100644
--- a/app/Http/Middleware/SecureHeaders.php
+++ b/app/Http/Middleware/SecureHeaders.php
@@ -53,8 +53,9 @@ class SecureHeaders
 $csp = [
 "default-src 'none'",
 "object-src 'self'",
- sprintf("script-src 'unsafe-inline' 'nonce-%1s' %2s", $nonce, $trackingScriptSrc),
- "style-src 'self' 'unsafe-inline'",
+ sprintf("script-src 'unsafe-inline' 'nonce-%1s' %2s 'strict-dynamic'", $nonce, $trackingScriptSrc),
+ "style-src 'self'",
+ "frame-ancestors 'none'",
 "base-uri 'self'",
 "font-src 'self' data:",
 "connect-src 'self'",
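Review bot: Adding `'strict-dynamic'` to the `script-src` line changes how the rest of that directive is read: in browsers that implement CSP3, `'strict-dynamic'` causes host sources (here the `$trackingScriptSrc` value) and `'unsafe-inline'` to be ignored, so the tracking script will only load if its `<script>` tag carries the nonce (or is inserted by a nonced script); if it is currently allowed only by the host entry it will be blocked in Chrome and Firefox, and the host entry then serves only as a fallback for CSP2 browsers — the tag itself is not visible in this hunk, so please confirm how it is emitted. The format specifiers `%1s` and `%2s` are minimum-width fields, not positional arguments; positional form in PHP is `%1$s`/`%2$s`, e.g. `sprintf("script-src 'unsafe-inline' 'nonce-%1\$s' %2\$s 'strict-dynamic'", $nonce, $trackingScriptSrc),` (the current code works only because the arguments happen to be in order, and `%2s` pads an empty `$trackingScriptSrc` to two spaces). Dropping `'unsafe-inline'` from `style-src` will break any inline `<style>` block or `style=""` attribute in the templates, so this presumably was checked against the views; a comment such as `// no 'unsafe-inline' for styles: inline style attributes are blocked` would document that decision. `frame-ancestors 'none'` is the right primary control, but it should be paired with an `X-Frame-Options: DENY` header for browsers without CSP2 support if the middleware does not already set one; the surrounding method and the `$csp` array both start and end outside this hunk, so that may already be the case.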