From 83da9c898d2c5fd085ef42c912f2d85bebd85742 Mon Sep 17 00:00:00 2001
From: ZizzyDizzyMC <ZizzyDizzyMC@gmail.com>
Date: Fri, 12 Feb 2021 22:27:19 -0500
Subject: [PATCH] Update server.go

---
 server.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/server.go b/server.go
index 5b0771f..7c56639 100644
--- a/server.go
+++ b/server.go
@@ -273,16 +273,16 @@ func main() {
 	flag.StringVar(&Config.remoteAuthFile, "remoteauthfile", "",
 		"path to a file containing newline-separated scrypted auth keys for remote uploads")
 	flag.StringVar(&Config.contentSecurityPolicy, "contentsecuritypolicy",
-		"",
+		"default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'self';",
 		"value of default Content-Security-Policy header")
 	flag.StringVar(&Config.fileContentSecurityPolicy, "filecontentsecuritypolicy",
-		"",
+		"default-src 'none'; img-src 'self'; object-src 'self'; media-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self';",
 		"value of Content-Security-Policy header for file access")
 	flag.StringVar(&Config.referrerPolicy, "referrerpolicy",
-		"",
+		"same-origin",
 		"value of default Referrer-Policy header")
 	flag.StringVar(&Config.fileReferrerPolicy, "filereferrerpolicy",
-		"",
+		"same-origin",
 		"value of Referrer-Policy header for file access")
 	flag.StringVar(&Config.xFrameOptions, "xframeoptions", "",
 		"value of X-Frame-Options header")