forked from Deuxfleurs/nixcfg
remove default HTTP CSP, put your CSP in your HTML
This commit is contained in:
parent
9e113416ac
commit
56e19ff2e5
1 changed files with 0 additions and 1 deletions
|
@ -134,7 +134,6 @@ job "garage" {
|
|||
tags = [
|
||||
"garage-web",
|
||||
"tricot * 1",
|
||||
"tricot-add-header Content-Security-Policy default-src https: 'unsafe-inline'; object-src 'none'",
|
||||
"tricot-add-header Strict-Transport-Security max-age=63072000; includeSubDomains; preload",
|
||||
"tricot-add-header X-Frame-Options SAMEORIGIN",
|
||||
"tricot-add-header X-XSS-Protection 1; mode=block",
|
||||
|
|
Loading…
Reference in a new issue