# Security response headers. Each rule is unconditional (no `if`/`unless`), so it
# is applied to every response handled by the proxy section these lines end up in.

# HSTS: browsers remember for one year (31536000 s) that this host and all of its
# subdomains must be reached over HTTPS only.
# NOTE(review): includeSubDomains also covers subdomains not served by this proxy;
# confirm they all offer HTTPS. Browsers ignore this header on plain-HTTP responses,
# so if this section also handles cleartext traffic, consider an `if { ssl_fc }` condition.
http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains;"
# Stop browsers from MIME-sniffing a response away from its declared Content-Type.
http-response set-header X-Content-Type-Options "nosniff"
# Send the Referer header only on same-origin requests; cross-origin requests carry none.
http-response set-header Referrer-Policy "same-origin"
# Deny-by-default feature policy: an empty allowlist `()` disables the feature for
# this document and any embedded frames. Only fullscreen, geolocation and
# navigation-override are allowed, and only for the page's own origin (`self`).
# NOTE(review): browsers skip feature names they do not recognise, so the effective
# policy may vary per browser.
http-response set-header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(self), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=()"
# CSP: everything defaults to same-origin. Exceptions: XHR/fetch/WebSocket may also
# reach the OAuth2 provider, and images may use data: URIs. Inline scripts and styles
# are blocked (no 'unsafe-inline'), the page may not be framed by any origin
# (frame-ancestors 'none'), and forms may only submit to the same origin.
# <OAUTH2_PROVIDER> is a placeholder: replace it with the real provider host before
# deploying, and keep it as narrow as possible (a single host rather than a wildcard).
# NOTE(review): base-uri does not fall back to default-src and is not set here;
# consider adding `base-uri 'self'` (or 'none') so an injected <base> tag cannot
# redirect relative URLs.
http-response set-header Content-Security-Policy "default-src 'self'; connect-src 'self' https://<OAUTH2_PROVIDER>; img-src 'self' data:; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; style-src 'self'; script-src 'self'; child-src 'self'; frame-src 'self';"