From: Peter Palfrader <peter@palfrader.org>
Date: Wed, 8 Mar 2017 17:15:59 +0000 (+0100)
Subject: amended policy
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=f0c787bbb75e0d28915124347a0e0feeb5fc40ec;p=mirror%2Fdsa-puppet.git

amended policy
---

diff --git a/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb b/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb
index a84e17439..3cc240028 100644
--- a/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb
+++ b/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb
@@ -148,7 +148,7 @@
 	# Versioned request
 	RewriteRule ^/source/([a-z0-9-]+)/([a-zA-Z0-9.+:~-]+)$ /${source-map:$1/$2} [L,R,NE]
 
-	Header always set Content-Security-Policy "default-src 'self';"
+	Header always set Content-Security-Policy "default-src 'self'; media-src 'none'; object-src 'none';"
 </Macro>
 
 <%=