Skip to content

Commit

Permalink
Merge pull request #23 from poplarmedia/patch-1
Browse files Browse the repository at this point in the history 
Update headers.conf
  • Loading branch information
@collectiveaccess
collectiveaccess authored Dec 12, 2020
2 parents 1aff209 + 0b624ed commit 3bc352c
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions app/conf/headers.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,10 +3,10 @@ security = {
X-Content-Type-Options = nosniff,
X-XSS-Protection = "1; mode=block",
X-Frame-Options = SAMEORIGIN,
Content-Security-Policy = ["script-src 'self' maps.googleapis.com cdn.knightlab.com nominatim.openstreetmap.org ajax.googleapis.com tagmanager.google.com www.googletagmanager.com www.google-analytics.com www.google.com/recaptcha/ www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self';"],
X-Content-Security-Policy = "script-src 'self' maps.googleapis.com cdn.knightlab.com nominatim.openstreetmap.org ajax.googleapis.com tagmanager.google.com www.googletagmanager.com www.google-analytics.com www.google.com/recaptcha/ www.gstatic.com 'unsafe-inline' 'unsafe-eval';" ,
Content-Security-Policy = ["script-src 'self' maps.googleapis.com cdn.knightlab.com nominatim.openstreetmap.org ajax.googleapis.com tagmanager.google.com www.googletagmanager.com www.google-analytics.com www.google.com/recaptcha/ www.gstatic.com platform-api.sharethis.com buttons-config.sharethis.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self';"],
X-Content-Security-Policy = "script-src 'self' maps.googleapis.com cdn.knightlab.com nominatim.openstreetmap.org ajax.googleapis.com tagmanager.google.com www.googletagmanager.com www.google-analytics.com www.google.com/recaptcha/ www.gstatic.com platform-api.sharethis.com buttons-config.sharethis.com 'unsafe-inline' 'unsafe-eval';" ,

Feature-Policy = "microphone 'none'; geolocation 'none'; accelerometer 'none'; autoplay 'none; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; gyroscope 'none'; magnetometer 'none'; midi 'none'; usb 'none';",
Strict-Transport-Security = "max-age=10368000; includeSubDomains",
Referrer-Policy = "no-referrer"
}
}

0 comments on commit 3bc352c

Please sign in to comment.