From c03bd495f68fd968c01df45fdfa81f9ed93d5f29 Mon Sep 17 00:00:00 2001
From: rramiachraf <51409801+rramiachraf@users.noreply.github.com>
Date: Fri, 27 Jan 2023 14:31:10 +0100
Subject: [PATCH] feat: disable loading images from external entities

---
 utils.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/utils.go b/utils.go
index 9ffa990..15f89d9 100644
--- a/utils.go
+++ b/utils.go
@@ -43,7 +43,7 @@ func write(w http.ResponseWriter, status int, data []byte) {
 
 func securityHeaders(next http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- csp := "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' images.genius.com; object-src 'none'"
+ csp := "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self'; object-src 'none'"
 w.Header().Add("content-security-policy", csp)
 w.Header().Add("referrer-policy", "no-referrer")
 w.Header().Add("x-content-type-options", "nosniff")
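Review bot: The policy string on the new `csp` line still leaves out the directives that do not inherit from `default-src` (`base-uri`, `form-action` and `frame-ancestors`), so tightening `img-src` does not constrain injected `<base>` tags, form targets or framing. Since this line is being edited anyway, consider ending it with `; base-uri 'self'; form-action 'self'; frame-ancestors 'none'` (the last only if the pages are never meant to be embedded). The headers are also written with `Header().Add`, which appends rather than replaces; `w.Header().Set("content-security-policy", csp)` keeps exactly one policy if another layer ever sets the header too. The body of `securityHeaders` continues past the hunk, so a framing header may already be set further down; that is not visible here.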