8 years ago · 4560af165e
--- a/server/core/response.go
+++ b/server/core/response.go
@@ -69,6 +69,7 @@ func (r *Response) commonHeaders() {
 
				 	r.writer.Header().Set("X-XSS-Protection", "1; mode=block")
			
 
				 	r.writer.Header().Set("X-Content-Type-Options", "nosniff")
			
 
				 	r.writer.Header().Set("X-Frame-Options", "DENY")
			
 
				+	r.writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src *; media-src *; frame-src *")
			
 
				 }
			
 
				 
			
 
				 // NewResponse returns a new Response.