From dbb966022fa584313dedb00502734cc19c454d89 Mon Sep 17 00:00:00 2001
From: Tommy <contact@tommytran.io>
Date: Tue, 15 Aug 2023 17:10:54 -0700
Subject: [PATCH] Add upgrade-insecure-requests;

Signed-off-by: Tommy <contact@tommytran.io>
---
 static/_headers | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/static/_headers b/static/_headers
index cd7bd80..8f49b61 100644
--- a/static/_headers
+++ b/static/_headers
@@ -1,6 +1,6 @@
 /*
   Strict-Transport-Security : max-age=63072000; includeSubDomains; preload
-  Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'
+  Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; form-action 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'
   X-Content-Type-Options : nosniff
   Referrer-Policy : no-referrer
   X-Frame-Options : DENY
@@ -11,7 +11,7 @@
   # Cross-Origin-Opener-Policy : same-origin
 
 /*.xml
-  Content-Security-Policy : default-src 'none'; img-src 'self' data: https://www.w3.org/; style-src 'self' 'unsafe-inline'; block-all-mixed-content; base-uri 'none'
+  Content-Security-Policy : default-src 'none'; img-src 'self' data: https://www.w3.org/; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'
 
 /*.png
   Cross-Origin-Resource-Policy : cross-origin