From 95eb634297e1533f5e3f87a5fd77f079b2d7e149 Mon Sep 17 00:00:00 2001
From: Jeroen De Meerleer
Date: Wed, 2 Feb 2022 12:59:03 +0100
Subject: [PATCH] BUGFIX: Added referrer policy and frame-ancestors

---
 lib/Framework/Router.php | 4 +++-
 webpack.config.js | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/Framework/Router.php b/lib/Framework/Router.php
index 8b6a51a..a1a1a67 100644
--- a/lib/Framework/Router.php
+++ b/lib/Framework/Router.php
@@ -40,7 +40,9 @@ class Router
 if ($response instanceof Response) {
 $response->headers->add([
- "Content-Security-Policy" => "default-src 'none'; font-src 'self'; style-src 'self'; script-src 'self'; img-src 'self'; require-trusted-types-for 'script'"
+ "Content-Security-Policy" => "default-src 'none'; font-src 'self'; style-src 'self'; script-src 'self'; img-src 'self'; frame-ancestors 'none'; require-trusted-types-for 'script'; base-uri 'none'; ",
+ "Referrer-Policy" => "same-origin"
+
 ]);
 return $response;
 } else {
diff --git a/webpack.config.js b/webpack.config.js
index ba0c62c..1a57466 100644
--- a/webpack.config.js
+++ b/webpack.config.js
@@ -55,7 +55,7 @@ Encore
 // uncomment to get integrity="..." attributes on your script & link tags
 // requires WebpackEncoreBundle 1.4 or higher
- //.enableIntegrityHashes(Encore.isProduction())
+ .enableIntegrityHashes(true)
 // uncomment if you're having problems with a jQuery plugin
 //.autoProvidejQuery()
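Review bot: The new Content-Security-Policy value ends with `base-uri 'none'; ` — a dangling separator plus a space — and the added lines leave an empty line inside the array literal and no trailing comma after the `Referrer-Policy` element; I would end the policy string at `base-uri 'none'",`, write `"Referrer-Policy" => "same-origin",`, and drop the empty line. `frame-ancestors` is only honoured by browsers that implement CSP level 2, so adding `"X-Frame-Options" => "DENY",` next to it gives the same clickjacking protection on older clients. Note also that `default-src 'none'` does not govern `form-action`, so form submissions remain unrestricted unless a `form-action 'self'` directive is added — confirm the application has no cross-origin form posts before tightening that. The enclosing method starts and ends outside the hunk.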
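Review bot: The two comment lines directly above the changed call (`// uncomment to get integrity="..." attributes on your script & link tags` and `// requires WebpackEncoreBundle 1.4 or higher`) now sit above an enabled line, so the "uncomment to get" wording is stale; I would reword the first to `// emit integrity="..." (SRI) attributes on script & link tags` and keep the version-requirement line. Passing `true` also turns hashing on for non-production builds, where the previously suggested `Encore.isProduction()` guard would have skipped it; if the project serves assets through the webpack dev server, the hashes written for its in-memory bundles may not match what is actually served, so this is worth verifying before merging, with `.enableIntegrityHashes(Encore.isProduction())` as the fallback if dev builds break. The `Encore` method chain this line belongs to starts and ends outside the hunk.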