Try reverting headers
continuous-integration/drone/push Build is passing Details
continuous-integration/drone Build is passing Details

pull/1/head
mat ess 2022-10-20 21:48:11 -04:00
parent 9cb96154de
commit fcb3a22615
1 changed files with 16 additions and 18 deletions

View File

@ -12,23 +12,6 @@
to = "https://mat.services/:splat" to = "https://mat.services/:splat"
force = true force = true
[redirects.headers]
# disable FLoC tracking
Permissions-Policy = "interest-cohort=()"
# enable HSTS
Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"
# disable clients from sniffing the media type
X-Content-Type-Options = "nosniff"
# clickjacking protection
X-Frame-Options = "DENY"
# keep referrer data off of HTTP connections
Referrer-Policy = "no-referrer"
# content security policy
# style-src 'unsafe-inline': syntax highlighting in codefences
# sandbox allow-popups: enable target="_blank" links to open in new tabs
Content-Security-Policy = "default-src 'none'; img-src 'self' https://mat.services https://stats.mat.services; style-src 'self' https://mat.services 'unsafe-inline'; font-src 'self' https://mat.services; script-src 'self' https://mat.services https://stats.mat.services; form-action 'none'; frame-ancestors 'none'; base-uri 'none'; upgrade-insecure-requests; sandbox allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox"
[[headers]] [[headers]]
for = "/*" for = "/*"
@ -46,4 +29,19 @@
# content security policy # content security policy
# style-src 'unsafe-inline': syntax highlighting in codefences # style-src 'unsafe-inline': syntax highlighting in codefences
# sandbox allow-popups: enable target="_blank" links to open in new tabs # sandbox allow-popups: enable target="_blank" links to open in new tabs
Content-Security-Policy = "default-src 'none'; img-src 'self' https://mat.services https://stats.mat.services; style-src 'self' https://mat.services 'unsafe-inline'; font-src 'self' https://mat.services; script-src 'self' https://mat.services https://stats.mat.services; form-action 'none'; frame-ancestors 'none'; base-uri 'none'; upgrade-insecure-requests; sandbox allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox" Content-Security-Policy = '''
default-src 'none';
img-src 'self' https://mat.services https://stats.mat.services;
style-src 'self' https://mat.services 'unsafe-inline';
font-src 'self' https://mat.services;
script-src 'self' https://mat.services https://stats.mat.services;
form-action 'none';
frame-ancestors 'none';
base-uri 'none';
upgrade-insecure-requests;
sandbox
allow-same-origin
allow-scripts
allow-popups
allow-popups-to-escape-sandbox
'''