| author | 2025-02-13 19:44:21 +0100 | |
|---|---|---|
| committer | 2025-02-13 19:44:21 +0100 | |
| commit | 292b2fd1224a40fd3fa5bc33248a7b11316abc22 (patch) | |
| tree | 98eed1cf462048ee337e27cdc6652b02e1dadc50 /doc | |
| parent | Drop SVG attachments, as they may include JavaScript. (diff) | |
Force the Content-Security-Policy header, instead of just suggesting it in the docs.
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/snac.8 | 4 |
1 files changed, 1 insertions, 3 deletions
| @@ -198,9 +198,7 @@ By setting this to true, no inbox collection is done. Inbox collection helps | |||
| 198 | being discovered from remote instances, but also increases network traffic. | 198 | being discovered from remote instances, but also increases network traffic. |
| 199 | .It Ic http_headers | 199 | .It Ic http_headers |
| 200 | If you need to add more HTTP response headers for whatever reason, you can | 200 | If you need to add more HTTP response headers for whatever reason, you can |
| 201 | fill this object with the required header/value pairs. For example, for enhanced | 201 | fill this object with the required header/value pairs. |
| 202 | XSS security, you can set the "Content-Security-Policy" header to "script-src ;" | ||
| 203 | to be totally sure that no JavaScript is executed. | ||
| 204 | .It Ic show_instance_timeline | 202 | .It Ic show_instance_timeline |
| 205 | If this is set to true, the instance base URL will show a timeline with the latest | 203 | If this is set to true, the instance base URL will show a timeline with the latest |
| 206 | user posts instead of the default greeting static page. If other information | 204 | user posts instead of the default greeting static page. If other information |
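Review bot: the http_headers entry (new lines 199-201) drops every mention of Content-Security-Policy, so the man page no longer tells an administrator that the server now sends this header itself. Anyone who followed the removed advice may still have a "Content-Security-Policy" pair in http_headers, and the text does not say whether that entry overrides the forced value, is ignored, or produces a second header. I would add a sentence to this entry stating that the header is always sent, with which value, and how a same-named http_headers entry is treated. This diff is limited to doc/, so the code side is not visible here; the wording should match whatever the server actually does.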