Introduce CSP headers to Kalamar (start of #72)
Change-Id: I84b7ff0accab3d783ad653fae123c25fee1d92b9
diff --git a/lib/Kalamar.pm b/lib/Kalamar.pm
index 61827f8..f5a111d 100644
--- a/lib/Kalamar.pm
+++ b/lib/Kalamar.pm
@@ -123,6 +123,22 @@
);
};
+ my $csp = $conf->{cs_policy} // (
+ "default-src 'self';".
+ "style-src 'self' 'unsafe-inline';".
+ "frame-src *;".
+ "media-src 'none';".
+ "object-src 'self';".
+ "font-src 'self';".
+ "img-src 'self' data:;"
+ );
+
+ $self->hook(
+ before_render => sub {
+ shift->res->headers->header('Content-Security-Policy' => $csp);
+ }
+ );
+
# API is not yet set - define
$conf->{api_path} //= $ENV{KALAMAR_API};
$conf->{api_version} //= $API_VERSION;
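Review bot: The default policy assigned at `my $csp = $conf->{cs_policy} // (...)` omits the directives that do not fall back to `default-src` (`base-uri`, `form-action` and `frame-ancestors`), so base-tag injection, form-target redirection and framing of Kalamar by other origins stay unrestricted under it. I would add `"base-uri 'self';"` and `"form-action 'self';"` to the string, and decide `frame-ancestors` explicitly, since the right value depends on whether Kalamar is meant to be embedded elsewhere. `object-src 'self'` could probably be `'none'` unless plugin content is really served from this origin, and `frame-src *` deserves a comment such as `# any origin allowed: embedded views come from external hosts (tighten in #72)` if that is the reason. The `before_render` hook only runs for responses that pass through the renderer, so static files and redirects presumably leave without the header; a hook like `after_dispatch` would cover them. The enclosing startup code begins and ends outside this hunk, so an existing header set elsewhere cannot be ruled out from here.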