From a7c93061b48e9cdb557f054aa6621f4a53112d4a Mon Sep 17 00:00:00 2001
From: Thomas Pike <thomasp@opera.com>
Date: Mon, 27 Feb 2017 15:14:21 +0100
Subject: [PATCH] Enable Content-Security-Policy.

---
 templates/base.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/templates/base.php b/templates/base.php
index a47277e..6e61fbf 100644
--- a/templates/base.php
+++ b/templates/base.php
@@ -16,6 +16,7 @@
 ##
 $web_config = $this->get('web_config');
 header('X-Frame-Options: DENY');
+header("Content-Security-Policy: default-src 'self'");
 ?>
 <!DOCTYPE html>
 <meta charset="utf-8"/>