security stuff

This commit is contained in:
2026-05-16 10:38:34 +01:00
parent 61b69c136a
commit 5c648b0c40
+3 -2
View File
@@ -111,14 +111,15 @@ const SECURITY_HEADERS_BASE = {
} }
const CSP_DIRECTIVES = [ const CSP_DIRECTIVES = [
"default-src 'self'", "default-src 'none'",
"base-uri 'self'", "base-uri 'self'",
"form-action 'self'", "form-action 'self'",
"frame-ancestors 'none'", "frame-ancestors 'none'",
"object-src 'none'", "object-src 'none'",
"script-src 'self' https://challenges.cloudflare.com", "script-src 'self' https://challenges.cloudflare.com",
"script-src-elem 'self' https://challenges.cloudflare.com", "script-src-elem 'self' https://challenges.cloudflare.com",
"style-src 'self' 'unsafe-inline'", "style-src 'self'",
"style-src-elem 'self'",
"img-src 'self' data: blob: https://*.basemaps.cartocdn.com https://basemaps.cartocdn.com", "img-src 'self' data: blob: https://*.basemaps.cartocdn.com https://basemaps.cartocdn.com",
"font-src 'self' data:", "font-src 'self' data:",
"connect-src 'self' https://challenges.cloudflare.com", "connect-src 'self' https://challenges.cloudflare.com",