Adopt CSP plugin for main headers
Change-Id: I1d08860622091a5806172deafad9e819114fc078
diff --git a/lib/Kalamar.pm b/lib/Kalamar.pm
index 9ec798e..b13de68 100644
--- a/lib/Kalamar.pm
+++ b/lib/Kalamar.pm
@@ -119,22 +119,6 @@
);
};
- my $csp = $conf->{cs_policy} // (
- "default-src 'self';".
- "style-src 'self' 'unsafe-inline';".
- "frame-src *;".
- "media-src 'none';".
- "object-src 'self';".
- "font-src 'self';".
- "img-src 'self' data:;"
- );
-
- $self->hook(
- before_render => sub {
- shift->res->headers->header('Content-Security-Policy' => $csp);
- }
- );
-
# API is not yet set - define the default Kustvakt api endpoint
$conf->{api_path} //= $ENV{KALAMAR_API} || 'https://korap.ids-mannheim.de/api/';
$conf->{api_version} //= $API_VERSION;
@@ -159,6 +143,17 @@
HTML => 1
});
+ # Establish content security policy
+ $self->plugin(CSP => {
+ 'default-src' => 'self',
+ 'style-src' => ['self','unsafe-inline'],
+ 'frame-src' => '*',
+ 'media-src' => 'none',
+ 'object-src' => 'self',
+ 'font-src' => 'self',
+ 'img-src' => ['self', 'data:']
+ });
+
# Localization framework
$self->plugin(Localize => {
dict => {
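Review bot: The `$conf->{cs_policy}` override that the removed `before_render` hook honoured has no counterpart in the new `$self->plugin(CSP => {...})` call, so a deployment that adjusted the policy through configuration would silently fall back to these hard-coded directives. If dropping the key is intended, make it visible, e.g. `$self->log->warn('cs_policy is ignored; the policy is now set through the CSP plugin') if $conf->{cs_policy};` before the plugin call; otherwise feed the directives from configuration. The keywords are now written bare (`'self'`, `'none'`, `'unsafe-inline'` as Perl strings), so the header is only valid if the plugin adds the CSP single quotes itself; that is not visible in this hunk and deserves a test asserting the emitted `Content-Security-Policy` value. The directive set is otherwise carried over unchanged, including `frame-src *` and the absence of `frame-ancestors`, `base-uri` and `form-action`, none of which fall back to `default-src`. The enclosing sub begins and ends outside the hunk.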