Working Content-Security-Policy

This commit is contained in:
Dalf 2019-07-02 18:23:20 +02:00
parent fe312fdae9
commit 5d75c112ca


@ -17,10 +17,8 @@
# Disallow the site to be rendered within a frame (clickjacking protection)
X-Frame-Options "SAMEORIGIN"
# CSP
Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' overpass-api.de *.tile.openstreetmap.org www.youtube-nocookie.com player.vimeo.com www.dailymotion.com; object-src overpass-api.de *.tile.openstreetmap.org www.youtube-nocookie.com player.vimeo.com www.dailymotion.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: overpass-api.de *.tile.openstreetmap.org www.youtube-nocookie.com player.vimeo.com www.dailymotion.com; media-src overpass-api.de *.tile.openstreetmap.org www.youtube-nocookie.com player.vimeo.com www.dailymotion.com"
X-Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' overpass-api.de *.tile.openstreetmap.org www.youtube-nocookie.com player.vimeo.com www.dailymotion.com; object-src overpass-api.de *.tile.openstreetmap.org www.youtube-nocookie.com player.vimeo.com www.dailymotion.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: overpass-api.de *.tile.openstreetmap.org www.youtube-nocookie.com player.vimeo.com www.dailymotion.com; media-src overpass-api.de *.tile.openstreetmap.org www.youtube-nocookie.com player.vimeo.com www.dailymotion.com"
X-WebKit-CSP "default-src 'self'; script-src 'self' 'unsafe-inline' overpass-api.de *.tile.openstreetmap.org www.youtube-nocookie.com player.vimeo.com www.dailymotion.com; object-src overpass-api.de *.tile.openstreetmap.org www.youtube-nocookie.com player.vimeo.com www.dailymotion.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: overpass-api.de *.tile.openstreetmap.org www.youtube-nocookie.com player.vimeo.com www.dailymotion.com; media-src overpass-api.de *.tile.openstreetmap.org www.youtube-nocookie.com player.vimeo.com www.dailymotion.com"
# CSP (see http://content-security-policy.com/ )
Content-Security-Policy "default-src 'self'; worker-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src http://www.youtube-nocookie.com http://player.vimeo.com http://www.dailymotion.com"
#
Access-Control-Allow-Methods "GET, POST, OPTIONS"