From 933db86a0786ebe595fe05084f77e5ea72a76232 Mon Sep 17 00:00:00 2001
From: Felix Boerner <ich@felix-boerner.de>
Date: Fri, 31 May 2024 10:56:06 +0000
Subject: [PATCH] test: improve security ranking

---
 tests/exampleSiteWithVideo/hugo.toml |   10 ++++++++++
 tests/exampleSiteWithImage/hugo.toml |   10 ++++++++++
 2 files changed, 20 insertions(+), 0 deletions(-)

diff --git a/tests/exampleSiteWithImage/hugo.toml b/tests/exampleSiteWithImage/hugo.toml
index 6c110aa..b626921 100644
--- a/tests/exampleSiteWithImage/hugo.toml
+++ b/tests/exampleSiteWithImage/hugo.toml
@@ -102,3 +102,13 @@
   # Please keep the original attribution link when using for your own project.
   # If you'd like to use the template without the attribution, you can check out
   # the license option via the template author's website: https://onepagelove.com/split
+
+[server]
+[[server.headers]]
+    for = '/**'
+    [server.headers.values]
+      Content-Security-Policy = "default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://dummyimage.com"
+      Referrer-Policy = 'strict-origin-when-cross-origin'
+      X-Content-Type-Options = 'nosniff'
+      X-Frame-Options = 'DENY'
+      X-XSS-Protection = '1; mode=block'
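Review bot: `X-XSS-Protection = '1; mode=block'` on the last added line re-enables a legacy browser filter that current browsers ignore and that, in the engines that still honour it, has had side effects the `mode=block` setting was meant to paper over; current guidance is to disable it explicitly with `X-XSS-Protection = '0'` (or drop the header) and rely on the CSP for script control. The CSP on the `Content-Security-Policy` line covers fetch directives only; adding `; frame-ancestors 'none'; base-uri 'self'; object-src 'none'` would make it the authoritative framing control (matching the `X-Frame-Options = 'DENY'` already set) and close the base-tag and plugin gaps that `default-src 'self'` does not address. If the "security ranking" in the commit subject is measured against a published build rather than `hugo server`, note that Hugo's `[server.headers]` block is applied by its development server only, so the same headers would need to be configured at the hosting layer as well — worth a short comment above `[server]` stating which target the test exercises. The same block is added verbatim in the second hunk for `tests/exampleSiteWithVideo/hugo.toml`; both copies should change together.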
diff --git a/tests/exampleSiteWithVideo/hugo.toml b/tests/exampleSiteWithVideo/hugo.toml
index 67d69bd..33efa81 100644
--- a/tests/exampleSiteWithVideo/hugo.toml
+++ b/tests/exampleSiteWithVideo/hugo.toml
@@ -102,3 +102,13 @@
   # Please keep the original attribution link when using for your own project.
   # If you'd like to use the template without the attribution, you can check out
   # the license option via the template author's website: https://onepagelove.com/split
+
+[server]
+[[server.headers]]
+    for = '/**'
+    [server.headers.values]
+      Content-Security-Policy = "default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://dummyimage.com"
+      Referrer-Policy = 'strict-origin-when-cross-origin'
+      X-Content-Type-Options = 'nosniff'
+      X-Frame-Options = 'DENY'
+      X-XSS-Protection = '1; mode=block'

--
Gitblit v1.10.0