jonny
/
microblog.pub
forked from forks/microblog.pub
1
0
Fork 0
Code Pull Requests Activity

Tweak security headers

This commit is contained in:
Thomas Sileo 2022-07-16 08:21:15 +02:00
parent a6fd8632a6
commit 42b23b4b01
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
app/main.py
View File

@ -133,7 +133,12 @@ class CustomMiddleware:
# TODO(ts): disallow inline CSS?
headers[
"content-security-policy"
] = "default-src 'self' style-src 'unsafe-inline';"
] = "default-src 'self'; style-src 'self' 'unsafe-inline';"
headers["permissions-policy"] = (
"geolocation=(), midi=(), camera=(), usb=(), "
"magnetometer=(), accelerometer=(), vr=(), speaker=(), "
"ambient-light-sensor=(), gyroscope=(), microphone=()"
)
if not DEBUG:
headers[
"strict-transport-security"