From 56896d2d63cd22fb5870b11e7394936f5ca7c1c5 Mon Sep 17 00:00:00 2001
From: Girish Ramakrishnan <girish@cloudron.io>
Date: Thu, 6 Jul 2023 19:44:01 +0530
Subject: [PATCH] Add CSP changes

---
 nginx/mastodon.conf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/nginx/mastodon.conf b/nginx/mastodon.conf
index 2b33377..016b4ee 100644
--- a/nginx/mastodon.conf
+++ b/nginx/mastodon.conf
@@ -89,6 +89,8 @@ server {
   location ~ ^/system/ {
     add_header Cache-Control "public, max-age=2419200, immutable";
     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+    add_header X-Content-Type-Options nosniff;
+    add_header Content-Security-Policy "default-src 'none'; form-action 'none'";
     try_files $uri =404;
   }