Extend Content-Security-Policy

author: Stefan Kreutz <mail@skreutz.com> 2026-02-24 20:00:06 +0100
committer: Stefan Kreutz <mail@skreutz.com> 2026-02-24 20:00:06 +0100
commit: d56700cad490998a73f01a53c42c39421a8fc627 (patch)
tree: 2f3e4393bc55b626f87833f9a5d4b3bd83cb0fa5 /templates/default.html
parent: f3b750778925417e1ced768b00fd1a2f652b08eb (diff)
download: blog-d56700cad490998a73f01a53c42c39421a8fc627.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/templates/default.html b/templates/default.html
index 2c90301..e081344 100644
--- a/templates/default.html
+++ b/templates/default.html
@@ -2,7 +2,7 @@
 <html lang="en">
   <head>
     <meta charset="utf-8">
-    <meta http-equiv="Content-Security-Policy" content="default-src 'none'; style-src 'self'; img-src 'self' data:">
+    <meta http-equiv="Content-Security-Policy" content="default-src 'none'; style-src 'self'; img-src 'self' data:; frame-ancestors: 'none'; form-action: 'none'">
     <meta http-equiv="x-ua-compatible" content="ie=edge">
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="author" content="Stefan Kreutz">
author	Stefan Kreutz <mail@skreutz.com>	2026-02-24 20:00:06 +0100
committer	Stefan Kreutz <mail@skreutz.com>	2026-02-24 20:00:06 +0100
commit	d56700cad490998a73f01a53c42c39421a8fc627 (patch)
tree	2f3e4393bc55b626f87833f9a5d4b3bd83cb0fa5 /templates/default.html
parent	f3b750778925417e1ced768b00fd1a2f652b08eb (diff)
download	blog-d56700cad490998a73f01a53c42c39421a8fc627.tar.gz