security stuff
This commit is contained in:
+3
-2
@@ -111,14 +111,15 @@ const SECURITY_HEADERS_BASE = {
|
|||||||
}
|
}
|
||||||
|
|
||||||
const CSP_DIRECTIVES = [
|
const CSP_DIRECTIVES = [
|
||||||
"default-src 'self'",
|
"default-src 'none'",
|
||||||
"base-uri 'self'",
|
"base-uri 'self'",
|
||||||
"form-action 'self'",
|
"form-action 'self'",
|
||||||
"frame-ancestors 'none'",
|
"frame-ancestors 'none'",
|
||||||
"object-src 'none'",
|
"object-src 'none'",
|
||||||
"script-src 'self' https://challenges.cloudflare.com",
|
"script-src 'self' https://challenges.cloudflare.com",
|
||||||
"script-src-elem 'self' https://challenges.cloudflare.com",
|
"script-src-elem 'self' https://challenges.cloudflare.com",
|
||||||
"style-src 'self' 'unsafe-inline'",
|
"style-src 'self'",
|
||||||
|
"style-src-elem 'self'",
|
||||||
"img-src 'self' data: blob: https://*.basemaps.cartocdn.com https://basemaps.cartocdn.com",
|
"img-src 'self' data: blob: https://*.basemaps.cartocdn.com https://basemaps.cartocdn.com",
|
||||||
"font-src 'self' data:",
|
"font-src 'self' data:",
|
||||||
"connect-src 'self' https://challenges.cloudflare.com",
|
"connect-src 'self' https://challenges.cloudflare.com",
|
||||||
|
|||||||
Reference in New Issue
Block a user