From a997375876cf69907b6df1cc9a165db13bb008d6 Mon Sep 17 00:00:00 2001
From: Denis Kasak <dkasak@termina.org.uk>
Date: Tue, 28 Sep 2021 12:41:13 +0200
Subject: [PATCH] Add changelog entry.

---
 CHANGELOG.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index c7691656..5aa87fe5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 ### Added
 
 * Added support for structured logging (JSON).
+- Added `X-Content-Security-Policy: sandbox` in contexts where the normal CSP
+  header would be served. This is a limited, pre-standard form of CSP supported
+  by IE11, in order to have at least some mitigation of XSS attacks.
 
 ### Changed
 
-- 
GitLab