From d694e8c685c093fda93e668d06e39201bb5a6293 Mon Sep 17 00:00:00 2001
From: Jamie Cameron
Date: Thu, 23 Jan 2014 11:16:54 -0800
Subject: [PATCH] Block JS loaded from external sources

---
 web-lib-funcs.pl | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/web-lib-funcs.pl b/web-lib-funcs.pl
index 2fb41f5f7..30af40deb 100755
--- a/web-lib-funcs.pl
+++ b/web-lib-funcs.pl
@@ -746,7 +746,12 @@ if ($pragma_no_cache || $gconfig{'pragma_no_cache'}) {
 print "Cache-Control: no-store, no-cache, must-revalidate\n";
 print "Cache-Control: post-check=0, pre-check=0\n";
 }
-print "X-Frame-Options: SAMEORIGIN\n";
+if (!$gconfig{'no_frame_options'}) {
+ print "X-Frame-Options: SAMEORIGIN\n";
+ }
+if (!$gconfig{'no_content_security_policy'}) {
+ print "Content-Security-Policy: script-src 'self' 'unsafe-inline'\n";
+ }
 if (defined($_[0])) {
 print "Content-type: text/html; Charset=$_[0]\n\n";
 }
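Review bot: The policy printed on the new `Content-Security-Policy` line restricts only `script-src`, and because it keeps `'unsafe-inline'` it still permits injected inline scripts, so it does what the subject says (refuses script files from other hosts) but is not a mitigation for reflected or stored XSS; with no `default-src` or `object-src` directive, plugin objects and every other resource type also stay unrestricted. If no module depends on plugin content, a cheap hardening is `print "Content-Security-Policy: script-src 'self' 'unsafe-inline'; object-src 'none'\n";`. Both new `$gconfig` keys, `no_frame_options` and `no_content_security_policy`, are global opt-outs with no comment naming what they give up; a one-line comment above the two blocks such as `# Global config opt-outs; setting either drops clickjacking / external-script protection for every page` would make that discoverable, and a theme that loads scripts from a CDN will have to disable the policy for all pages rather than for itself, which may be intended. The enclosing sub starts and ends outside the hunk.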