make CSP stricter by setting default-src to 'self'

Embedding remote files can leak info via the Referer header.

Also changes child-src to frame-src since it has a higher precedence.
(https://www.w3.org/TR/CSP3/#changes-from-level-2)

0 files changed, 0 insertions, 0 deletions