From ec851199de9e616429ea68c45546429ece9a41ba Mon Sep 17 00:00:00 2001
From: Olivier Falcoz
Date: Mon, 27 Nov 2023 15:54:49 +0100
Subject: [PATCH] Update static/_headers
---
static/_headers | 46 +++++++++++++++++++++++-----------------------
1 file changed, 23 insertions(+), 23 deletions(-)
diff --git a/static/_headers b/static/_headers
index cd7bd80..845d341 100644
--- a/static/_headers
+++ b/static/_headers
@@ -1,23 +1,23 @@
-/*
- Strict-Transport-Security : max-age=63072000; includeSubDomains; preload
- Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'
- X-Content-Type-Options : nosniff
- Referrer-Policy : no-referrer
- X-Frame-Options : DENY
- X-XSS-Protection : 0
- Permissions-Policy : accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), sync-xhr=(), xr-spatial-tracking=()
- Cross-Origin-Resource-Policy : same-origin
- Cross-Origin-Embedder-Policy : require-corp
- # Cross-Origin-Opener-Policy : same-origin
-
-/*.xml
- Content-Security-Policy : default-src 'none'; img-src 'self' data: https://www.w3.org/; style-src 'self' 'unsafe-inline'; block-all-mixed-content; base-uri 'none'
-
-/*.png
- Cross-Origin-Resource-Policy : cross-origin
-
-/*.jpg
- Cross-Origin-Resource-Policy : cross-origin
-
-/.well-known/openpgpkey/hu/*
- Access-Control-Allow-Origin: *
+/*
+ Strict-Transport-Security : max-age=63072000; includeSubDomains; preload
+ Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'
+ X-Content-Type-Options : nosniff
+ Referrer-Policy : no-referrer
+ X-Frame-Options : DENY
+ X-XSS-Protection : 0
+ Permissions-Policy : accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), sync-xhr=(), xr-spatial-tracking=()
+ Cross-Origin-Resource-Policy : same-origin
+ Cross-Origin-Embedder-Policy : require-corp
+ # Cross-Origin-Opener-Policy : same-origin
+
+/*.xml
+ Content-Security-Policy : default-src 'none'; img-src 'self' data: https://www.w3.org/; style-src 'self' 'unsafe-inline'; block-all-mixed-content; base-uri 'none'
+
+/*.png
+ Cross-Origin-Resource-Policy : cross-origin
+
+/*.jpg
+ Cross-Origin-Resource-Policy : cross-origin
+
+#/.well-known/openpgpkey/hu/*
+# Access-Control-Allow-Origin: *
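Review bot: The last two added lines comment out the `/.well-known/openpgpkey/hu/*` rule, so the Web Key Directory files are now served without `Access-Control-Allow-Origin: *` and fall only under the catch-all `Cross-Origin-Resource-Policy : same-origin`; browser-based OpenPGP clients running on other origins will likely be unable to fetch keys, and the WKD draft recommends sending that header. The objects under this path are public keys, so a wildcard limited to this one path does not loosen the policy for the rest of the site. If disabling it is intentional, record the reason in the file, e.g. `# WKD CORS disabled: <reason>`; otherwise keep the two lines uncommented. The other 21 line pairs look textually identical in this view, which suggests a line-ending or whitespace change; if so, saying that in the commit message would make the one real change easier to audit.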