From 325ebc0a4e712e32682a13fe21a6d12cf33aff25 Mon Sep 17 00:00:00 2001
From: Alexander Bilz <mail@alexbilz.com>
Date: Sun, 17 May 2020 14:15:35 +0000
Subject: [PATCH] Merge pull request #8 from msfjarvis/refactor/document-csp

---
 README.md |   17 +++++++++++++++++
 1 files changed, 17 insertions(+), 0 deletions(-)

diff --git a/README.md b/README.md
index afb3c06..109bfbe 100644
--- a/README.md
+++ b/README.md
@@ -97,6 +97,23 @@
 customCss = ["css/custom1.css", "css/custom2.css"]
 ```
 
+### Content Security Policy
+The theme is compliant with most strict CSP policies out of the box. A sample CSP for an Anatole-based site would look something like this:
+
+```
+Content-Security-Policy "
+  base-uri 'self';
+  connect-src 'self';
+  default-src 'self';
+  frame-ancestors 'none';
+  font-src 'self' stackpath.bootstrapcdn.com;
+  img-src 'self';
+  object-src 'none';
+  script-src 'self';
+  style-src 'self' stackpath.bootstrapcdn.com;
+"
+```
+
 ## License
 
 Anatole is licensed under the [MIT license](https://github.com/lxndrblz/anatole/blob/master/LICENSE).

--
Gitblit v1.10.0