forked from forks/microblog.pub
Tweak security headers
This commit is contained in:
parent
a6fd8632a6
commit
42b23b4b01
1 changed files with 6 additions and 1 deletions
|
@ -133,7 +133,12 @@ class CustomMiddleware:
|
|||
# TODO(ts): disallow inline CSS?
|
||||
headers[
|
||||
"content-security-policy"
|
||||
] = "default-src 'self' style-src 'unsafe-inline';"
|
||||
] = "default-src 'self'; style-src 'self' 'unsafe-inline';"
|
||||
headers["permissions-policy"] = (
|
||||
"geolocation=(), midi=(), camera=(), usb=(), "
|
||||
"magnetometer=(), accelerometer=(), vr=(), speaker=(), "
|
||||
"ambient-light-sensor=(), gyroscope=(), microphone=()"
|
||||
)
|
||||
if not DEBUG:
|
||||
headers[
|
||||
"strict-transport-security"
|
||||
|
|
Loading…
Reference in a new issue