From 74db26a0b16556199c94276dd40fd669750b6c20 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Thu, 21 May 2020 04:05:40 +0200
Subject: cgit: Tighten Content-Security-Policy.

Add frame-ancestors and form-action.
---
 roles/git/files/etc/nginx/sites-available/git | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/git/files/etc/nginx/sites-available/git b/roles/git/files/etc/nginx/sites-available/git
index 3f2bc7f..9e9d16e 100644
--- a/roles/git/files/etc/nginx/sites-available/git
+++ b/roles/git/files/etc/nginx/sites-available/git
@@ -26,7 +26,7 @@ server {
 
     include snippets/headers.conf;
     add_header Content-Security-Policy
-               "default-src 'none'; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self'";
+               "default-src 'none'; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self'; frame-ancestors 'none'; form-action 'self'";
 
     include snippets/ssl.conf;
     ssl_certificate     ssl/git.fripost.org.pem;
-- 
cgit v1.2.3