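# Response headers attached to every path matched by `for = '/**'`.
# NOTE(review): the localhost:1313 and livereload sources in the CSP below
# suggest this table configures a local development server; confirm that
# before reusing the same values on a production host.
[[headers]]
for = '/**'

[headers.values]
# One-year HSTS that also covers every subdomain. `preload` signals consent to
# browser preload lists, which is slow to undo, so all subdomains must already
# serve HTTPS.
Strict-Transport-Security = "max-age=31536000; includeSubDomains; preload"
# Stops browsers from MIME-sniffing a response into another content type.
X-Content-Type-Options = "nosniff"
# Was "1; mode=block". The legacy XSS auditor is deprecated, has been removed
# from current browsers, and could itself be abused in the browsers that had
# it. "0" switches it off explicitly; the Content-Security-Policy below is the
# actual XSS control.
X-XSS-Protection = "0"
# script-src lists exact CDN file URLs instead of whole hosts, so only those
# paths may load as script. A URL allow-list does not pin file contents.
# default-src is not a fallback for frame-ancestors or form-action, so this
# policy restricts neither; framing is limited by X-Frame-Options below.
# NOTE(review): localhost:1313 and ws://localhost:1313/livereload look like
# development-only sources; drop them from any policy served to the public.
Content-Security-Policy = """\
    default-src 'self'; \
    script-src 'self' \
    https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js \
    https://cdn.jsdelivr.net/npm/flexsearch@0.7.21/dist/flexsearch.bundle.js \
    https://utteranc.es/client.js; \
    style-src 'self' localhost:1313 https://utteranc.es https://fonts.googleapis.com https://www.youtube.com; \
    object-src 'none'; \
    base-uri 'self'; \
    connect-src 'self' localhost:1313 ws://localhost:1313/livereload; \
    font-src 'self' https://fonts.gstatic.com; \
    frame-src 'self' localhost:1313 https://utteranc.es https://www.youtube-nocookie.com https://www.youtube.com; \
    img-src 'self' https://i.vimeocdn.com https://i.ytimg.com; \
    manifest-src 'self'; \
    media-src 'self' \
    """
# Only same-origin pages may frame this site (clickjacking control).
X-Frame-Options = "SAMEORIGIN"
# Cross-origin requests carry the origin only, and no referrer at all when the
# destination is less secure than the source.
Referrer-Policy = "strict-origin"
# An empty allow-list `()` disables the feature for the page and every frame
# it embeds. `fullscreen=()` therefore also applies to the video embeds that
# frame-src permits.
Permissions-Policy = """\
    geolocation=(), \
    midi=(), \
    sync-xhr=(), \
    microphone=(), \
    camera=(), \
    magnetometer=(), \
    gyroscope=(), \
    fullscreen=(), \
    payment=() \
    """
# NOTE(review): this one-year public cache lifetime applies to every path,
# HTML included. A cached response keeps the headers it was delivered with, so
# a later policy change may not reach returning visitors until the entry
# expires; consider a short lifetime for HTML and the long one for
# fingerprinted assets only.
Cache-Control = "public, max-age=31536000"
# NOTE(review): "*" lets any origin read every response via uncredentialed
# cross-origin requests. That is acceptable only while everything served under
# `/**` is public; narrow the origin or the path otherwise.
Access-Control-Allow-Origin = "*"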