From cf47cbda1d46d56461977fb8ede5888e72f1fac9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?=
Date: Sat, 24 Aug 2024 17:14:21 +0300
Subject: [PATCH] more http/moz observatory findings

---
 modules/services/gitea/default.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/modules/services/gitea/default.nix b/modules/services/gitea/default.nix
index 3d437d7..26fa5df 100644
--- a/modules/services/gitea/default.nix
+++ b/modules/services/gitea/default.nix
@@ -59,6 +59,7 @@
 SHOW_MILESTONES_DASHBOARD_PAGE = false;
 COOKIE_SECURE = true;
 };
+ session.COOKIE_SECURE = true;
 log.LEVEL = "Error";
 mailer = {
 ENABLED = true;
@@ -89,7 +90,7 @@
 Strict-Transport-Security "max-age=15768000"
 # https://github.com/go-gitea/gitea/issues/305#issuecomment-1049290764
- Content-Security-Policy "default-src 'none'; connect-src 'self'; font-src 'self' data:; form-action 'self'; img-src 'self' https://ga-beacon.appspot.com https://raw.githubusercontent.com https://secure.gravatar.com https://sourcethemes.com; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; worker-src 'self';"
+ Content-Security-Policy "frame-ancestors 'none'; default-src 'none'; connect-src 'self'; font-src 'self' data:; form-action 'self'; img-src 'self' https://ga-beacon.appspot.com https://raw.githubusercontent.com https://secure.gravatar.com https://sourcethemes.com; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; worker-src 'self';"
 X-Content-Type-Options "nosniff"
 X-Frame-Options "DENY"
 }
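Review bot: The new `session.COOKIE_SECURE = true;` leaves the earlier `COOKIE_SECURE = true;` two lines above it in place, inside an attribute set whose name begins before this hunk. Gitea honours `COOKIE_SECURE` only under its `[session]` section, so if that enclosing set is not `session` the older line is dead configuration that will now suggest the flag was already in effect when it was not; drop it, or keep it with a comment such as `# COOKIE_SECURE is only read from [session]; the effective setting is session.COOKIE_SECURE below`. Since I cannot see the enclosing set's name, treat this as something to confirm rather than a certain defect. The attribute set this hunk sits in also closes before the hunk ends, so the surrounding structure is only partly visible here.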
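Review bot: `base-uri` is still missing from the new Content-Security-Policy value, and like `frame-ancestors` it does not inherit from `default-src 'none'`, so an injected `<base>` element remains unconstrained even though the same fallback gap was just closed for framing; add `base-uri 'self';` next to `frame-ancestors 'none';`. The policy also keeps `'unsafe-inline'` and `'unsafe-eval'` in `script-src` — the linked Gitea issue explains why they are needed, but a comment such as `# 'unsafe-inline' in script-src means this CSP does not stop XSS; it only restricts where scripts, images and connections may be loaded from` would keep the next reader from over-trusting it. Keeping `X-Frame-Options "DENY"` alongside `frame-ancestors 'none'` is fine as a fallback for older user agents and needs no change. The header block these lines belong to opens before the hunk, so I cannot confirm where the policy is ultimately served from.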