From e03d66751160606751855d49c355883680ecbf41 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Yannik=20R=C3=B6del?= <hey@yannik.info>
Date: Mon, 23 May 2022 13:11:44 +0200
Subject: [PATCH] Add CSP header

Closes #29
---
 sites/angestoepselt/httpd.conf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/sites/angestoepselt/httpd.conf b/sites/angestoepselt/httpd.conf
index 2e17696..926105e 100644
--- a/sites/angestoepselt/httpd.conf
+++ b/sites/angestoepselt/httpd.conf
@@ -7,6 +7,10 @@ include "@lighttpd@/share/lighttpd/doc/config/conf.d/mime.conf"
 server.document-root = "@site@"
 index-file.names = ( "index.html" )
 
+setenv.set-response-header += (
+	"Content-Security-Policy" => "default-src 'self'; script-src 'self' 'unsafe-inline'; frame-ancestors 'none'",
+)
+
 url.redirect = (
 	# These are redirects from the old site - keep them so we don't hurt any
 	# search engine indexes!