1 files changed, 3 insertions, 0 deletions
diff --git a/httpd.c b/httpd.c
index 5a38aff..d22bb14 100644
--- a/httpd.c
+++ b/httpd.c
@@ -553,6 +553,9 @@ void httpd_connection(FILE *f)
    headers = xs_dict_append(headers, "access-control-allow-origin", "*");
    headers = xs_dict_append(headers, "access-control-allow-headers", "*");
+    /* disable any form of fucking JavaScript */
+    headers = xs_dict_append(headers, "Content-Security-Policy", "script-src ;");
    if (p_state->use_fcgi)
        xs_fcgi_response(f, status, headers, body, b_size, fcgi_id);
    else

diff --git a/httpd.c b/httpd.c index 5a38aff..d22bb14 100644 --- a/httpd.c +++ b/httpd.c
@@ -553,6 +553,9 @@ void httpd_connection(FILE *f)
553	headers = xs_dict_append(headers, "access-control-allow-origin", "*");	553	headers = xs_dict_append(headers, "access-control-allow-origin", "*");
554	headers = xs_dict_append(headers, "access-control-allow-headers", "*");	554	headers = xs_dict_append(headers, "access-control-allow-headers", "*");
555		555
		556	/* disable any form of fucking JavaScript */
		557	headers = xs_dict_append(headers, "Content-Security-Policy", "script-src ;");
		558
556	if (p_state->use_fcgi)	559	if (p_state->use_fcgi)
557	xs_fcgi_response(f, status, headers, body, b_size, fcgi_id);	560	xs_fcgi_response(f, status, headers, body, b_size, fcgi_id);
558	else	561	else