Add CSP to favicons (#7471)

E.g. for the case of SVGs
author: Alexandre Alapetite <alexandre@alapetite.fr> 2025-04-01 09:27:33 +0200
committer: GitHub <noreply@github.com> 2025-04-01 09:27:33 +0200
commit: 426e3054c237c2b98667ebeacbbdb5caa88e7b1f (patch)
tree: b73de17745ff024fbd59029ea4d7b810c0802ba4
parent: d0b961131939800a119801bfce7411ad2e429e9e (diff)
download: freshrss-426e3054c237c2b98667ebeacbbdb5caa88e7b1f.tar.gz
freshrss-426e3054c237c2b98667ebeacbbdb5caa88e7b1f.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/p/f.php b/p/f.php
index 1bf358a3d..14ded4bca 100644
--- a/p/f.php
+++ b/p/f.php
@@ -48,6 +48,7 @@ if ($ico_mtime == false || $ico_mtime < $txt_mtime || ($ico_mtime < time() - (mt
 	}
 }
 
+header("Content-Security-Policy: default-src 'none'; img-src 'self'; style-src 'self';");
 if (!httpConditional($ico_mtime, mt_rand(14, 21) * 86400, 2)) {
 	$ico_content_type = contentType($ico);
 	header('Content-Type: ' . $ico_content_type);
author	Alexandre Alapetite <alexandre@alapetite.fr>	2025-04-01 09:27:33 +0200
committer	GitHub <noreply@github.com>	2025-04-01 09:27:33 +0200
commit	426e3054c237c2b98667ebeacbbdb5caa88e7b1f (patch)
tree	b73de17745ff024fbd59029ea4d7b810c0802ba4
parent	d0b961131939800a119801bfce7411ad2e429e9e (diff)
download	freshrss-426e3054c237c2b98667ebeacbbdb5caa88e7b1f.tar.gz freshrss-426e3054c237c2b98667ebeacbbdb5caa88e7b1f.zip