security stuff

This commit is contained in:
Heidi
2026-05-16 10:38:34 +01:00
parent 61b69c136a
commit 5c648b0c40
+3 -2
View File
@@ -111,14 +111,15 @@ const SECURITY_HEADERS_BASE = {
}
const CSP_DIRECTIVES = [
"default-src 'self'",
"default-src 'none'",
"base-uri 'self'",
"form-action 'self'",
"frame-ancestors 'none'",
"object-src 'none'",
"script-src 'self' https://challenges.cloudflare.com",
"script-src-elem 'self' https://challenges.cloudflare.com",
"style-src 'self' 'unsafe-inline'",
"style-src 'self'",
"style-src-elem 'self'",
"img-src 'self' data: blob: https://*.basemaps.cartocdn.com https://basemaps.cartocdn.com",
"font-src 'self' data:",
"connect-src 'self' https://challenges.cloudflare.com",