From 292b2fd1224a40fd3fa5bc33248a7b11316abc22 Mon Sep 17 00:00:00 2001 From: default Date: Thu, 13 Feb 2025 19:44:21 +0100 Subject: Force the Content-Security-Policy header, instead of just suggesting it in the docs. --- doc/snac.8 | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'doc/snac.8') diff --git a/doc/snac.8 b/doc/snac.8 index c0a110c..7a7352c 100644 --- a/doc/snac.8 +++ b/doc/snac.8 @@ -198,9 +198,7 @@ By setting this to true, no inbox collection is done. Inbox collection helps being discovered from remote instances, but also increases network traffic. .It Ic http_headers If you need to add more HTTP response headers for whatever reason, you can -fill this object with the required header/value pairs. For example, for enhanced -XSS security, you can set the "Content-Security-Policy" header to "script-src ;" -to be totally sure that no JavaScript is executed. +fill this object with the required header/value pairs. .It Ic show_instance_timeline If this is set to true, the instance base URL will show a timeline with the latest user posts instead of the default greeting static page. If other information -- cgit v1.2.3
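Review bot: The `.It Ic http_headers` entry in doc/snac.8 loses its only mention of Content-Security-Policy, so after this hunk the man page no longer says anywhere that the header is sent or what value it carries, even though the subject line says it is now forced. I would replace the removed example with one sentence stating that the server always sends Content-Security-Policy, giving the exact value, and saying what happens when an admin who followed the old advice still has that key in `http_headers` (ignored, overridden, or emitted twice). The view is limited to 'doc/snac.8', so the code that sets the header is not visible here. The new doc sentence should be checked against it before merging.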