mirror of
https://github.com/multica-ai/multica.git
synced 2026-07-05 21:39:54 +02:00
Adds CSP middleware to the global middleware chain as a browser-level defense against XSS: script-src 'self', object-src 'none', frame-ancestors 'none', base-uri 'self', form-action 'self'. Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>