From 8daf040d435d020488ea3f3892c29b627a4a8888 Mon Sep 17 00:00:00 2001
From: Julen Landa Alustiza
Date: Jul 26 2019 11:45:38 +0000
Subject: Add default restricted object-src to Content-Security-Policy
---
diff --git a/pagure/default_config.py b/pagure/default_config.py
index 99b4188..aa80f2c 100644
--- a/pagure/default_config.py
+++ b/pagure/default_config.py
@@ -617,4 +617,5 @@ CSP_HEADERS = (
 "default-src 'self' https:; "
 "script-src 'self' '{nonce_script}'; "
 "style-src 'self' '{nonce_style}'; "
+ "object-src" 'none'"
 )
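Review bot: The added line `"object-src" 'none'"` has a misplaced double quote. After the two adjacent literals `"object-src"` and `'none'`, the final `"` opens a string that is never closed, so as shown the module would not parse. Even with that quote dropped, the two literals would join as `object-srcnone`, with no space between the directive and its value. The line should read `"object-src 'none'"`, quoted the same way as the directives above it. Until that is fixed the policy does not carry the intended restriction, and `object-src` would fall back to `default-src 'self' https:`. The `CSP_HEADERS` expression starts above the hunk, so only its tail is visible here.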