From 2fc22cacdf7469407e1badf523d7a89f9f56668c Mon Sep 17 00:00:00 2001
From: Jacob <jacob.signorovitch@gmail.com>
Date: Tue, 10 Mar 2026 14:30:11 -0400
Subject: [PATCH] many

---
 index.php | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/index.php b/index.php
index 17e0a34..ecc6e34 100644
--- a/index.php
+++ b/index.php
@@ -2,12 +2,14 @@
 
 declare(strict_types=1);
 
+$styleNonce = base64_encode(random_bytes(16));
+
 header("Content-Type: text/html; charset=UTF-8");
 header("X-Content-Type-Options: nosniff");
 header("Referrer-Policy: strict-origin-when-cross-origin");
 header("Permissions-Policy: geolocation=(), microphone=(), camera=()");
 header(
-    "Content-Security-Policy: default-src 'none'; base-uri 'none'; form-action 'none'; frame-ancestors *",
+    "Content-Security-Policy: default-src 'none'; style-src 'self' 'nonce-{$styleNonce}'; base-uri 'none'; form-action 'none'; frame-ancestors *",
 );
 if (function_exists("header_remove")) {
     header_remove("X-Frame-Options");
@@ -100,7 +102,11 @@ $next = $sites[($index + 1) % $total];
     ) ?>" target="_top" rel="noopener noreferrer">NEXT &rarr;</a>
 </div>
 
-<style>
+<style nonce="<?= htmlspecialchars(
+    $styleNonce,
+    ENT_QUOTES | ENT_SUBSTITUTE,
+    "UTF-8",
+) ?>">
 :root {
     --bg-1: #1d2021;
     --bg0: #282828;