From ce2243d220566b46ccbf9ac6aa45481316a75acc Mon Sep 17 00:00:00 2001
From: t2d <tim@systemli.org>
Date: Fri, 12 Mar 2021 16:20:56 +0100
Subject: [PATCH] Document working CSP

---
 README.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/README.md b/README.md
index fb2e088..13a6487 100644
--- a/README.md
+++ b/README.md
@@ -43,6 +43,10 @@ brew install --cask jitsi-meet
 Content-Security-Policy "frame-ancestors [looks like any value is bad]";
 X-Frame-Options "DENY";
 ```
+A working Content Security Policy looks like that:
+```
+Content-Security-Policy "img-src 'self' 'unsafe-inline' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; base-uri 'self'; form-action 'none';";
+```
 
 ## Development