From 55bf8150504a9380374122456a4a6a8f8c35e2fb Mon Sep 17 00:00:00 2001
From: Kyle Spearrin
Date: Mon, 9 Sep 2024 15:46:01 -0400
Subject: [PATCH] [VULN-45] CSP for Icons Server (#4747)

* CSP for icon server
* default to self
* append
---
 src/Icons/Startup.cs | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/Icons/Startup.cs b/src/Icons/Startup.cs
index 2a7f83e13..4695c320e 100644
--- a/src/Icons/Startup.cs
+++ b/src/Icons/Startup.cs
@@ -78,6 +78,9 @@ public class Startup
 Public = true,
 MaxAge = TimeSpan.FromDays(7)
 };
+
+ context.Response.Headers.Append("Content-Security-Policy", "default-src 'self'; script-src 'none'");
+
 await next();
 });
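Review bot: The policy string in the added `Headers.Append` call leaves several directives unrestricted, because `default-src` is not a fallback for `base-uri`, `form-action`, `frame-ancestors` or `sandbox`. If this service returns bytes fetched from third-party sites (presumably so, since it serves icons), a response that a browser renders as a document is constrained only for resource loads and script. Consider tightening the value to `"default-src 'self'; script-src 'none'; base-uri 'none'; form-action 'none'; frame-ancestors 'none'"` and adding a one-line comment above it such as `// Icon bytes are untrusted: a response must never run script or act as a document on this origin.` Whether `X-Content-Type-Options: nosniff` is set elsewhere is not visible in this hunk, and the enclosing middleware lambda starts above it.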