From 41c3a5bb4a10f1b2eda892bdfcf11eacf1095638 Mon Sep 17 00:00:00 2001
From: Azareal
Date: Thu, 30 Aug 2018 15:57:07 +1000
Subject: [PATCH] Added a Content Security Policy for upgrading insecure images to HTTPS to avoid mixed content warnings.
---
 common/routes_common.go | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/common/routes_common.go b/common/routes_common.go
index 1608a1ab..b931a351 100644
--- a/common/routes_common.go
+++ b/common/routes_common.go
@@ -278,6 +278,10 @@ func preRoute(w http.ResponseWriter, r *http.Request) (User, bool) {
 }
 }
+ // TODO: Add a config setting to disable this header
+ // TODO: Have this header cover more things
+ w.Header().Set("Content-Security-Policy", "upgrade-insecure-requests")
+
 if user == &GuestUser {
 usercpy.LastIP = host
 return *usercpy, true
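Review bot: The `Content-Security-Policy` header is set on every response in `preRoute`, whether or not the request arrived over HTTPS, so on a deployment served over plain HTTP, browsers that honour the directive will rewrite same-origin subresource loads to `https://` and those loads will fail. Until the config setting from the TODO exists, a guard such as `if r.TLS != nil { w.Header().Set("Content-Security-Policy", "upgrade-insecure-requests") }` would limit it to TLS requests; behind a TLS-terminating proxy `r.TLS` is nil, so the site's own HTTPS setting is the better condition if one exists. The directive applies to all subresource requests, not only images as the subject line says, and it adds no script or framing restrictions, so the comment should say that this policy is not yet an XSS mitigation. Because `Set` replaces the header value, any route that later sets its own policy has to repeat `upgrade-insecure-requests`. `preRoute` starts and ends outside the hunk.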