From 67b13c71baea56eeb15532ca1b1377f6da8d18ac Mon Sep 17 00:00:00 2001
From: r <r@freesoftwareextremist.com>
Date: Sun, 15 Oct 2023 15:53:44 +0000
Subject: Use CSP header to restrict resource loading

This helps mitigate XSS exploits.
Users will have to save the settings again to make the custom CSS
work.
---
 model/session.go | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'model')

diff --git a/model/session.go b/model/session.go
index f9e4287..61a409c 100644
--- a/model/session.go
+++ b/model/session.go
@@ -27,6 +27,7 @@ type Settings struct {
 	AntiDopamineMode      bool   `json:"adm,omitempty"`
 	HideUnsupportedNotifs bool   `json:"hun,omitempty"`
 	CSS                   string `json:"css,omitempty"`
+	CSSHash               string `json:"cssh,omitempty"`
 }
 
 func NewSettings() *Settings {
@@ -43,5 +44,6 @@ func NewSettings() *Settings {
 		AntiDopamineMode:      false,
 		HideUnsupportedNotifs: false,
 		CSS:                   "",
+		CSSHash:               "",
 	}
 }
-- 
cgit v1.2.3