From ee6034b7529a5e7de437effb116d6057b3226201 Mon Sep 17 00:00:00 2001
From: mik-tf
Date: Sat, 6 Sep 2025 09:44:17 -0400
Subject: [PATCH] feat: add default Content-Security-Policy header to middleware
---
 src/middleware/mod.rs | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/src/middleware/mod.rs b/src/middleware/mod.rs
index a4b26a6..dc63794 100644
--- a/src/middleware/mod.rs
+++ b/src/middleware/mod.rs
@@ -126,6 +126,15 @@ where
 );
 }
+ if !headers.contains_key(actix_web::http::header::CONTENT_SECURITY_POLICY) {
+ let _ = headers.insert(
+ actix_web::http::header::CONTENT_SECURITY_POLICY,
+ actix_web::http::header::HeaderValue::from_static(
+ "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; frame-ancestors 'none'"
+ ),
+ );
+ }
+
 Ok(res)
 })
 }
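Review bot: The policy literal passed to `HeaderValue::from_static` sets neither `base-uri` nor `form-action`, and neither directive falls back to `default-src`, so this default leaves the document base URL and form submission targets unrestricted. Consider appending `; base-uri 'self'; form-action 'self'; object-src 'none'` to the string, assuming the application only submits forms to its own origin. `style-src` also keeps `'unsafe-inline'`, which deserves a comment above the literal stating why it is needed, for example `// 'unsafe-inline' in style-src is required by <reason>; drop it once inline styles are gone`. A one-line comment on the `contains_key` guard, such as `// handlers may set their own CSP; this default applies only when none is present`, would make the override behaviour explicit. The enclosing middleware body starts before this hunk, so how the other headers are set is only partly visible here.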