feat: add stricter CSPs

2022-12-27 23:44:17 -05:00 · 2022-12-27 23:44:17 -05:00 · e0a4b2363f
commit e0a4b2363f
parent 3555f055cf
2 changed files with 8 additions and 4 deletions
--- a/templates/home.html
+++ b/templates/home.html
@ -5,6 +5,10 @@
        <link rel="stylesheet" href="/static/globals.css" />
        <link rel="stylesheet" href="/static/home.css" />
        <meta name="viewport" content="width=device-width, initial-scale=1" />
+        <meta
+            http-equiv="Content-Security-Policy"
+            content="default-src 'none'; style-src 'self'; script-src 'none';"
+        />
    </head>
    <body>
        <div class="container">
@ -17,9 +21,9 @@
                StackOverflow.
            </p>
            {{ if .errorMessage }}
-                <div class="error">
-                    <p><b>Error</b>: {{ .errorMessage }}</p>
-                </div>
+            <div class="error">
+                <p><b>Error</b>: {{ .errorMessage }}</p>
+            </div>
            {{ end }}
            <form method="POST">
                <div class="view-form">
--- a/templates/question.html
+++ b/templates/question.html
@ -7,7 +7,7 @@
        <meta name="viewport" content="width=device-width, initial-scale=1" />
        <meta
            http-equiv="Content-Security-Policy"
-            content="default-src 'self'; style-src 'self'; script-src 'none'; img-src https:;"
+            content="default-src 'none'; style-src 'self'; script-src 'none'; img-src https:;"
        />
    </head>
    <body>