From f27636dd14cc06b84f1564f48c148be7394540b3 Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Thu, 5 May 2022 08:50:21 +0200 Subject: [PATCH] Add headers in Garage --- app/garage/deploy/garage.hcl | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/app/garage/deploy/garage.hcl b/app/garage/deploy/garage.hcl index 67db8df..4fa12d7 100644 --- a/app/garage/deploy/garage.hcl +++ b/app/garage/deploy/garage.hcl @@ -98,7 +98,10 @@ job "garage" { tags = [ "garage-web", "tricot * 1", - "tricot-add-header Content-Security-Policy default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'" + "tricot-add-header Content-Security-Policy default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://code.jquery.com/; frame-ancestors 'self'", + "tricot-add-header Strict-Transport-Security max-age=63072000; includeSubDomains; preload", + "tricot-add-header X-Frame-Options SAMEORIGIN", + "tricot-add-header X-XSS-Protection 1; mode=block", ] port = 3902 address_mode = "driver"