From 2d4314b5ca1e527a3420fad11d3f1a25351700d4 Mon Sep 17 00:00:00 2001
From: Sam Feifer
Date: Wed, 7 May 2025 16:27:08 -0400
Subject: [PATCH] fix CVE-2025-4123
diff --git a/conf/defaults.ini b/conf/defaults.ini
index e1e5468bfa3..4221144bf54 100644
--- a/conf/defaults.ini
+++ b/conf/defaults.ini
@@ -363,7 +363,7 @@ x_xss_protection = true
 # Enable adding the Content-Security-Policy header to your requests.
 # CSP allows to control resources the user agent is allowed to load and helps prevent XSS attacks.
-content_security_policy = false
+content_security_policy = true
 # Set Content Security Policy template used when adding the Content-Security-Policy header to your requests.
 # $NONCE in the template includes a random nonce.
diff --git a/conf/sample.ini b/conf/sample.ini
index 51d2b6c512b..fd588b48225 100644
--- a/conf/sample.ini
+++ b/conf/sample.ini
@@ -364,7 +364,7 @@
 # Enable adding the Content-Security-Policy header to your requests.
 # CSP allows to control resources the user agent is allowed to load and helps prevent XSS attacks.
-;content_security_policy = false
+;content_security_policy = true
 # Set Content Security Policy template used when adding the Content-Security-Policy header to your requests.
 # $NONCE in the template includes a random nonce.
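Review bot: The new `content_security_policy = true` in conf/defaults.ini only changes the shipped default, so an installation that already sets `content_security_policy = false` in its own ini file or through an environment override keeps running without the header after this patch. The subject says "fix CVE-2025-4123", but the visible hunks only turn on a response header. This reads as a mitigation whose strength depends on the policy template defined below the hunk, not as a change to the affected code path, and the commit message should say so. I would add a comment above the setting, for example `# Enabled by default as a mitigation for CVE-2025-4123; an explicit "false" in a custom ini or environment override re-opens the exposure.`, and mirror it above the commented-out line in conf/sample.ini. Turning CSP on can also block resources that existing dashboards or plugins load, so the upgrade notes should tell operators to verify their override files and, if needed, stage the rollout with `content_security_policy_report_only`.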