From ce70f7fdbcbe1529ef7dc9d64dad658660e14a8c Mon Sep 17 00:00:00 2001
From: Jeroen De Meerleer
Date: Tue, 1 Feb 2022 14:29:41 +0100
Subject: [PATCH] ENHANCEMENT: implemented CSP
---
 lib/Framework/Router.php | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/lib/Framework/Router.php b/lib/Framework/Router.php
index a27e9b3..8b6a51a 100644
--- a/lib/Framework/Router.php
+++ b/lib/Framework/Router.php
@@ -39,6 +39,9 @@ class Router
 $response = $controllerObj->$action(...$method);
 if ($response instanceof Response) {
+ $response->headers->add([
+ "Content-Security-Policy" => "default-src 'none'; font-src 'self'; style-src 'self'; script-src 'self'; img-src 'self'; require-trusted-types-for 'script'"
+ ]);
 return $response;
 } else {
 throw new InvalidArgumentException();
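Review bot: The policy string added in the `$response->headers->add([...])` call treats `default-src 'none'` as a catch-all, but `base-uri`, `form-action` and `frame-ancestors` do not fall back to `default-src`, so base-tag injection, form posts to other origins and framing of the page stay unrestricted. I would list them explicitly, e.g. end the value with `img-src 'self'; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; require-trusted-types-for 'script'`. If `headers` is a Symfony-style header bag, `add()` replaces any `Content-Security-Policy` a controller has already set, so no route can tighten the policy for itself; guarding the call with `if (!$response->headers->has('Content-Security-Policy'))` would keep that possible. The enclosing Router method starts and ends outside the hunk, so whether responses produced on other paths (for example after the `throw`) carry the header cannot be told from here.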