From e614ae08c4ad93fc667ec104900f6d93483ee44f Mon Sep 17 00:00:00 2001
From: Jakub Vrana <jakub@vrana.cz>
Date: Tue, 9 Jan 2018 18:10:38 +0100
Subject: [PATCH] Add Content Security Policy

---
 adminer/include/design.inc.php | 1 +
 changes.txt                    | 1 +
 2 files changed, 2 insertions(+)

diff --git a/adminer/include/design.inc.php b/adminer/include/design.inc.php
index cd0563e5..48212fc6 100644
--- a/adminer/include/design.inc.php
+++ b/adminer/include/design.inc.php
@@ -91,6 +91,7 @@ function page_headers() {
 	header("X-XSS-Protection: 0"); // prevents introducing XSS in IE8 by removing safe parts of the page
 	header("X-Content-Type-Options: nosniff");
 	header("Referrer-Policy: origin-when-cross-origin");
+	header("Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self'; frame-src https://www.adminer.org; form-action 'self'");
 	$adminer->headers();
 }
 
diff --git a/changes.txt b/changes.txt
index 5ca548e8..d4da508a 100644
--- a/changes.txt
+++ b/changes.txt
@@ -1,4 +1,5 @@
 Adminer 4.3.2-dev:
+Add Content Security Policy
 Add nosniff header
 PHP 7.1: Prevent warning when using empty limit
 MySQL: Remove dedicated view for replication status (added in 4.3.0)