From 426e3054c237c2b98667ebeacbbdb5caa88e7b1f Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Tue, 1 Apr 2025 09:27:33 +0200
Subject: Add CSP to favicons (#7471)

E.g. for the case of SVGs
---
 p/f.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/p/f.php b/p/f.php
index 1bf358a3d..14ded4bca 100644
--- a/p/f.php
+++ b/p/f.php
@@ -48,6 +48,7 @@ if ($ico_mtime == false || $ico_mtime < $txt_mtime || ($ico_mtime < time() - (mt
 	}
 }
 
+header("Content-Security-Policy: default-src 'none'; img-src 'self'; style-src 'self';");
 if (!httpConditional($ico_mtime, mt_rand(14, 21) * 86400, 2)) {
 	$ico_content_type = contentType($ico);
 	header('Content-Type: ' . $ico_content_type);
-- 
cgit v1.2.3