added CSP Header to Readme

author: Christian Pointner <equinox@helsinki.at> 2016-09-01 12:47:28 (GMT)
committer: Christian Pointner <equinox@helsinki.at> 2016-09-01 12:47:37 (GMT)
commit: b77ac81d6f354d602a3b97c29f94c883032956ea (patch)
tree: 7cabf61bb138fcb3cb857315c54fce5c11c9031e
parent: 2bbb6da294e8a253906eb75c84b15afa6aef444e (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/README b/README
index 1cc687f..f0cbe29 100644
--- a/README
+++ b/README
@@ -46,6 +46,8 @@ LDAPTrustedGlobalCert CA_BASE64 /etc/ldap/ldapscert.pem
 add the following to the virtualhost config:
 
 ~~~snip~~~
+	Header always set Content-Security-Policy "default-src 'none'; connect-src 'self' wss://import.helsinki.at; img-src 'self'; script-src 'self'; style-src 'self'; font-src 'self';"
+
 	AssignUserID rduser rivendell
 
 	Include /etc/rivendell/apache-2.4.conf
author	Christian Pointner <equinox@helsinki.at>	2016-09-01 12:47:28 (GMT)
committer	Christian Pointner <equinox@helsinki.at>	2016-09-01 12:47:37 (GMT)
commit	b77ac81d6f354d602a3b97c29f94c883032956ea (patch)
tree	7cabf61bb138fcb3cb857315c54fce5c11c9031e
parent	2bbb6da294e8a253906eb75c84b15afa6aef444e (diff)