diff --git a/frontend/package.json b/frontend/package.json
index c1704610..1890dfe5 100644
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -1,6 +1,6 @@
 {
   "name": "goldfish",
-  "version": "0.6.0-rc1",
+  "version": "0.7.0-rc1",
   "description": "Vault Admin Panel",
   "repository": "caiyeon/goldfish",
   "homepage": "",
diff --git a/server.go b/server.go
index a348aeb8..b05e7dd5 100644
--- a/server.go
+++ b/server.go
@@ -7,8 +7,8 @@ import (
 	"net/http"
 	"os"
 	"os/signal"
-	"syscall"
 	"strings"
+	"syscall"
 	"time"
 
 	"github.com/caiyeon/goldfish/config"
@@ -109,10 +109,10 @@ func main() {
 
 	// prevent caching by client (e.g. Safari)
 	e.Use(func(next echo.HandlerFunc) echo.HandlerFunc {
-	    return func(c echo.Context) error {
-	        c.Response().Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
-	        return next(c)
-	    }
+		return func(c echo.Context) error {
+			c.Response().Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
+			return next(c)
+		}
 	})
 
 	// unless explicitly disabled, some extra https configurations need to be set
@@ -122,7 +122,7 @@ func main() {
 			XSSProtection:         "1; mode=block",
 			ContentTypeNosniff:    "nosniff",
 			XFrameOptions:         "SAMEORIGIN",
-			ContentSecurityPolicy: "default-src 'self'",
+			ContentSecurityPolicy: "default-src 'self' https://api.github.com",
 		}))
 
 		// if redirect is set, forward port 80 to port 443
@@ -220,7 +220,7 @@ func main() {
 	}
 }
 
-const versionString = "Goldfish version: v0.6.0-rc1"
+const versionString = "Goldfish version: v0.7.0-rc1"
 
 const devInitString = `