Merge pull request #18 from markdumay/npm

Improve security headers
This commit is contained in:
Mark Dumay
2022-04-02 08:11:24 +02:00
committed by GitHub


@@ -20,20 +20,18 @@
X-Content-Type-Options = "nosniff" X-Content-Type-Options = "nosniff"
X-XSS-Protection = "1; mode=block" X-XSS-Protection = "1; mode=block"
Content-Security-Policy = """\ Content-Security-Policy = """\
base-uri 'self'; \
child-src https://utteranc.es; \
default-src 'self'; \ default-src 'self'; \
font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; \ script-src 'report-sample' 'self' https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js https://utteranc.es/client.js; \
form-action 'self'; \ style-src 'report-sample' 'self' https://fonts.googleapis.com; \
img-src 'self'; \
object-src 'none'; \ object-src 'none'; \
script-src 'report-sample' 'self' \ base-uri 'self'; \
https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js \ connect-src 'self'; \
https://cdn.jsdelivr.net/npm/flexsearch@0.7.21/dist/flexsearch.bundle.js \ font-src 'self' https://fonts.gstatic.com; \
https://utteranc.es/client.js; \ frame-src 'self' https://utteranc.es; \
style-src 'report-sample' 'self' \ img-src 'self'; \
https://fonts.googleapis.com \ manifest-src 'self'; \
https://cdn.jsdelivr.net/npm/flexsearch@0.7.21/dist/flexsearch.bundle.js \ media-src 'self'; \
worker-src 'none'; \
""" """
X-Frame-Options = "SAMEORIGIN" X-Frame-Options = "SAMEORIGIN"
Referrer-Policy = "strict-origin" Referrer-Policy = "strict-origin"
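Review bot: The rewritten policy drops `form-action 'self'`, which the old policy carried on the line after its font-src entry, and `default-src` does not act as a fallback for form-action, so the new header lets forms on the site submit to any origin; add `form-action 'self'; \` back, for example next to `base-uri 'self'; \`. The `'report-sample'` token kept in script-src and style-src only affects what a violation report contains, and no `report-uri` or `report-to` directive is visible in this hunk — if none is configured elsewhere, it is inert and can either be dropped or paired with a reporting endpoint. The flexsearch CDN entries are removed from both script-src and style-src; presumably the bundle is now served from the site's own origin and covered by `'self'` (the PR branch is named "npm"), which is worth confirming so the search script is not blocked at runtime.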