mirror of
https://github.com/Haxxnet/Compose-Examples
synced 2025-03-13 17:19:52 +00:00
Update fileConfig.yml
add missing permission policy + csp directives
This commit is contained in:
parent
d611a3a1d4
commit
af2bcf2e7d
@ -58,7 +58,7 @@ http:
|
||||
Server: "" # prevent version disclosure
|
||||
X-Powered-By: "" # prevent version disclosure
|
||||
X-Forwarded-Proto: "https"
|
||||
#Permissions-Policy: "geolocation=(self), midi=(self), camera=(self), usb=(self), magnetometer=(self), accelerometer=(self), gyroscope=(self), microphone=(self)"
|
||||
#Permissions-Policy: "accelerometer=(), autoplay=(), camera=(), display-capture=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=()"
|
||||
#Cross-Origin-Embedder-Policy: "unsafe-none"
|
||||
#Cross-Origin-Opener-Policy: "same-origin"
|
||||
#Cross-Origin-Resource-Policy: "same-site"
|
||||
@ -76,7 +76,7 @@ http:
|
||||
stsIncludeSubdomains: true # HTTP-Strict-Transport-Security (HSTS)
|
||||
stsSeconds: 63072000 # HTTP-Strict-Transport-Security (HSTS)
|
||||
stsPreload: true # HTTP-Strict-Transport-Security (HSTS)
|
||||
#contentSecurityPolicy: "block-all-mixed-content" # Content-Security-Policy (CSP)
|
||||
#contentSecurityPolicy: "default-src 'self'; form-action 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content" # Content-Security-Policy (CSP)
|
||||
|
||||
# Authelia guard
|
||||
authelia:
|
||||
|
Loading…
x
Reference in New Issue
Block a user