forked from Deuxfleurs/nixcfg
final csp
This commit is contained in:
parent
233556e9ef
commit
aaa80ae678
1 changed files with 1 additions and 2 deletions
|
@ -98,8 +98,7 @@ job "garage" {
|
|||
tags = [
|
||||
"garage-web",
|
||||
"tricot * 1",
|
||||
#"tricot-add-header Content-Security-Policy default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://code.jquery.com/; frame-ancestors 'self'",
|
||||
"tricot-add-header Content-Security-Policy default-src https: 'unsafe-inline'",
|
||||
"tricot-add-header Content-Security-Policy default-src https: 'unsafe-inline'; object-src 'none'",
|
||||
"tricot-add-header Strict-Transport-Security max-age=63072000; includeSubDomains; preload",
|
||||
"tricot-add-header X-Frame-Options SAMEORIGIN",
|
||||
"tricot-add-header X-XSS-Protection 1; mode=block",
|
||||
|
|
Loading…
Reference in a new issue