Update fileConfig.yml

add missing permission policy + csp directives
LRVT 2024-02-14 17:47:39 +01:00 committed by GitHub
parent d611a3a1d4
commit af2bcf2e7d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -58,7 +58,7 @@ http:
Server: "" # prevent version disclosure Server: "" # prevent version disclosure
X-Powered-By: "" # prevent version disclosure X-Powered-By: "" # prevent version disclosure
X-Forwarded-Proto: "https" X-Forwarded-Proto: "https"
#Permissions-Policy: "geolocation=(self), midi=(self), camera=(self), usb=(self), magnetometer=(self), accelerometer=(self), gyroscope=(self), microphone=(self)" #Permissions-Policy: "accelerometer=(), autoplay=(), camera=(), display-capture=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=()"
#Cross-Origin-Embedder-Policy: "unsafe-none" #Cross-Origin-Embedder-Policy: "unsafe-none"
#Cross-Origin-Opener-Policy: "same-origin" #Cross-Origin-Opener-Policy: "same-origin"
#Cross-Origin-Resource-Policy: "same-site" #Cross-Origin-Resource-Policy: "same-site"
@ -76,7 +76,7 @@ http:
stsIncludeSubdomains: true # HTTP-Strict-Transport-Security (HSTS) stsIncludeSubdomains: true # HTTP-Strict-Transport-Security (HSTS)
stsSeconds: 63072000 # HTTP-Strict-Transport-Security (HSTS) stsSeconds: 63072000 # HTTP-Strict-Transport-Security (HSTS)
stsPreload: true # HTTP-Strict-Transport-Security (HSTS) stsPreload: true # HTTP-Strict-Transport-Security (HSTS)
#contentSecurityPolicy: "block-all-mixed-content" # Content-Security-Policy (CSP) #contentSecurityPolicy: "default-src 'self'; form-action 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content" # Content-Security-Policy (CSP)
# Authelia guard # Authelia guard
authelia: authelia:
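Review bot: In the second hunk, the new `#contentSecurityPolicy` value keeps `block-all-mixed-content` after `upgrade-insecure-requests`; that directive is deprecated and has no effect once insecure requests are upgraded, so the value can end at `frame-ancestors 'none'; upgrade-insecure-requests"`. Both changed lines (this one and `#Permissions-Policy` in the first hunk) are still commented out, so as far as these hunks show, the commit only changes the suggested values and neither header is actually sent. A comment above the CSP line such as `# uncomment to enforce; default-src 'self' blocks inline scripts/styles and third-party origins, so test per service first` would tell a reader who enables it what to expect. The `http:` mapping begins and continues outside the visible lines, so whether another middleware already sets these headers cannot be confirmed from here.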