mat
/
mat.services
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix prod headers syntax, really
continuous-integration/drone/push Build is passing Details
continuous-integration/drone Build is passing Details

pull/1/head
mat ess 2022-10-20 21:05:24 -04:00
parent ab7b882bc3
commit 05f894ede0
1 changed files with 24 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
headers/production
View File

@ -1,23 +1,24 @@
# disable FLoC tracking
Permissions-Policy: interest-cohort=()
# enable HSTS
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
# disable clients from sniffing the media type
X-Content-Type-Options: nosniff
# clickjacking protection
X-Frame-Options: DENY
# keep referrer data off of HTTP connections
Referrer-Policy: no-referrer
# content security policy
# style-src 'unsafe-inline': syntax highlighting in codefences
# sandbox allow-popups: enable target="_blank" links to open in new tabs
Content-Security-Policy: default-src 'none';
Content-Security-Policy: img-src 'self' https://mat.services https://stats.mat.services;
Content-Security-Policy: style-src 'self' https://mat.services 'unsafe-inline';
Content-Security-Policy: font-src 'self' https://mat.services;
Content-Security-Policy: script-src 'self' https://mat.services https://stats.mat.services;
Content-Security-Policy: form-action 'none';
Content-Security-Policy: frame-ancestors 'none';
Content-Security-Policy: base-uri 'none';
Content-Security-Policy: upgrade-insecure-requests;
Content-Security-Policy: sandbox allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox;
/*
# disable FLoC tracking
Permissions-Policy: interest-cohort=()
# enable HSTS
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
# disable clients from sniffing the media type
X-Content-Type-Options: nosniff
# clickjacking protection
X-Frame-Options: DENY
# keep referrer data off of HTTP connections
Referrer-Policy: no-referrer
# content security policy
# style-src 'unsafe-inline': syntax highlighting in codefences
# sandbox allow-popups: enable target="_blank" links to open in new tabs
Content-Security-Policy: default-src 'none';
Content-Security-Policy: img-src 'self' https://mat.services https://stats.mat.services;
Content-Security-Policy: style-src 'self' https://mat.services 'unsafe-inline';
Content-Security-Policy: font-src 'self' https://mat.services;
Content-Security-Policy: script-src 'self' https://mat.services https://stats.mat.services;
Content-Security-Policy: form-action 'none';
Content-Security-Policy: frame-ancestors 'none';
Content-Security-Policy: base-uri 'none';
Content-Security-Policy: upgrade-insecure-requests;
Content-Security-Policy: sandbox allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox;