Add object-src CSP rule

xremming · Dec 11, 2023 · bfb48c4 · bfb48c4
1 parent 327c920
commit bfb48c4
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/cmd/helpers.go b/cmd/helpers.go
@@ -49,6 +49,7 @@ func makeCSP() (string, string) {
 		fmt.Sprintf("script-src 'self' 'nonce-%s' https://static.cloudflareinsights.com", nonce),
 		"img-src 'self' https://svgs.scryfall.io https://cards.scryfall.io",
 		"connect-src 'self' https://api.scryfall.com https://cloudflareinsights.com",
+		"object-src 'none'",
 		"child-src 'none'",
 	}