diff --git a/internal/middleware/security.go b/internal/middleware/security.go index d81207b..b5c7200 100644 --- a/internal/middleware/security.go +++ b/internal/middleware/security.go @@ -11,8 +11,14 @@ func SecurityHeaders(next http.Handler) http.Handler { w.Header().Set("X-Frame-Options", "DENY") w.Header().Set("Referrer-Policy", "strict-origin-when-cross-origin") w.Header().Set("Content-Security-Policy", - "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; "+ - "img-src 'self' https: data:; connect-src 'self' wss: ws:; font-src 'self';") + "default-src 'self'; "+ + "script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' blob: https://cdn.jsdelivr.net https://unpkg.com; "+ + "worker-src 'self' blob:; "+ + "child-src 'self' blob:; "+ + "style-src 'self' 'unsafe-inline'; "+ + "img-src 'self' https: data: blob:; "+ + "connect-src 'self' wss: ws: https:; "+ + "font-src 'self';") w.Header().Set("Permissions-Policy", "camera=(self), microphone=(self), geolocation=()") next.ServeHTTP(w, r) })