Set Content-Security-Policy tag when the raw option is used

2025-01-08 10:45:04 +02:00 · 2023-02-25 18:58:44 +03:00 · 2023-02-25 18:58:44 +03:00 · 70d657113e
commit 70d657113e
parent 62f8d08a93
1 changed files with 1 additions and 0 deletions
--- a/stream.go
+++ b/stream.go
@ -118,6 +118,7 @@ func streamOriginImage(ctx context.Context, reqID string, r *http.Request, rw ht
 		"Expires":       rw.Header().Get("Expires"),
 	})
 	setCanonical(rw, imageURL)
+	rw.Header().Set("Content-Security-Policy", "script-src 'none'")

 	rw.WriteHeader(res.StatusCode)