github
/
portainer
mirror of https://github.com/portainer/portainer
1
0
Fork 0
Code Issues Releases Wiki Activity

fix(csp): add object-src to the CSP header BE-12217 (#1126)

pull/12608/merge
andres-portainer 2025-09-02 11:39:46 -03:00 committed by GitHub
parent 48dcfcb08f
commit 8d9e1a0ad5
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
api/http/security/bouncer.go
View File

@ -534,7 +534,7 @@ func MWSecureHeaders(next http.Handler, hsts, csp bool) http.Handler {
}
if csp {
w.Header().Set("Content-Security-Policy", "script-src 'self' cdn.matomo.cloud js.hsforms.net; frame-ancestors 'none';")
w.Header().Set("Content-Security-Policy", "script-src 'self' cdn.matomo.cloud js.hsforms.net; object-src 'none'; frame-ancestors 'none';")
}
w.Header().Set("X-Content-Type-Options", "nosniff")