|
|
@@ -305,6 +305,8 @@ func New(e *echo.Echo, options *Options) (*Server, error) { |
|
|
|
// `style-src 'unsafe-inline'` is required for e-mails with |
|
|
|
// embedded stylesheets |
|
|
|
ectx.Response().Header().Set("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'") |
|
|
|
// DNS prefetching has privacy implications |
|
|
|
ectx.Response().Header().Set("X-DNS-Prefetch-Control", "off") |
|
|
|
return next(ectx) |
|
|
|
} |
|
|
|
}) |
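Review bot: The comment above the `X-DNS-Prefetch-Control` line says only that prefetching "has privacy implications", without naming the threat or the limits of the control. These appear to be the two lines this hunk adds, since it grows from 6 to 8 lines and the add/remove markers are lost in this rendering. Because this handler serves rendered e-mail content, the likely concern is that a browser resolving hostnames found in a displayed message lets whoever controls those domains observe that the message was opened; `default-src 'self'` on the line above may not cover DNS prefetching on its own. I would expand the comment to something like `// Disable DNS prefetching: resolving hostnames from a displayed e-mail can reveal to the sender that it was opened. Best-effort only: the header is non-standard and not honored by every browser.` The middleware closure and the enclosing `New` both start outside this hunk, so I cannot tell whether any response paths bypass this middleware.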
|
|
|