From ebad3f47697de0b66e30b9151da23ad9d5324f63 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Tue, 30 May 2023 10:56:44 +0100
Subject: [PATCH] Content security

---
 deploy/i2p | 1 +
 deploy/onion | 1 +
 2 files changed, 2 insertions(+)

diff --git a/deploy/i2p b/deploy/i2p
index 69ac8c91d..5a4ecd96f 100755
--- a/deploy/i2p
+++ b/deploy/i2p
@@ -352,6 +352,7 @@ echo "Creating nginx virtual host for http://${I2P_DOMAIN}"
 echo ' gzip_proxied expired no-cache no-store private auth;';
 echo ' gzip_types gzip_types text/plain text/css text/vcard text/vcard+xml application/json application/ld+json application/javascript text/xml application/xml application/rdf+xml application/xml+rss text/javascript;';
 echo '';
+ echo " add_header Content-Security-Policy \"script-src 'unsafe-inline' 'self'; style-src 'unsafe-inline'\";";
 echo ' add_header X-Content-Type-Options nosniff;';
 echo ' add_header X-XSS-Protection "1; mode=block";';
 echo ' add_header X-Download-Options noopen;';
diff --git a/deploy/onion b/deploy/onion
index 18c1ab125..545281a28 100755
--- a/deploy/onion
+++ b/deploy/onion
@@ -274,6 +274,7 @@ echo "Creating nginx virtual host for ${ONION_DOMAIN}"
 echo ' gzip_proxied expired no-cache no-store private auth;';
 echo ' gzip_types gzip_types text/plain text/css text/vcard text/vcard+xml application/json application/ld+json application/javascript text/xml application/xml application/rdf+xml application/xml+rss text/javascript;';
 echo '';
+ echo " add_header Content-Security-Policy \"script-src 'unsafe-inline' 'self'; style-src 'unsafe-inline'\";";
 echo ' add_header X-Content-Type-Options nosniff;';
 echo ' add_header X-XSS-Protection "1; mode=block";';
 echo ' add_header X-Download-Options noopen;';
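Review bot: The Content-Security-Policy added in the deploy/i2p hunk (and identically in the deploy/onion hunk) puts `'unsafe-inline'` in script-src, which gives up most of the XSS protection a CSP exists to provide, because an injected inline script is still permitted; it is only a marginal improvement over no policy. The style-src directive is `'unsafe-inline'` alone, without `'self'`, so once this header is served any same-origin stylesheet referenced via a link tag would be blocked by the browser — presumably these virtual hosts do serve external CSS, but that is not visible in the hunk. There is also no default-src, object-src or base-uri directive, so everything outside scripts and styles stays unrestricted. A tighter line that keeps inline code working for now would be `echo " add_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'\";";`, with a follow-up to replace 'unsafe-inline' by nonces or hashes. Note that nginx does not inherit server-level add_header into any location block that declares its own add_header, and the echo run this hunk belongs to starts and ends outside the hunk, so the header may need repeating in such blocks.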