From 42b23b4b014e70fd0b114519dc4a22565ca769ea Mon Sep 17 00:00:00 2001
From: Thomas Sileo
Date: Sat, 16 Jul 2022 08:21:15 +0200
Subject: [PATCH] Tweak security headers
---
 app/main.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/app/main.py b/app/main.py
index d710690..37de9ef 100644
--- a/app/main.py
+++ b/app/main.py
@@ -133,7 +133,12 @@ class CustomMiddleware:
 # TODO(ts): disallow inline CSS?
 headers[
 "content-security-policy"
- ] = "default-src 'self' style-src 'unsafe-inline';"
+ ] = "default-src 'self'; style-src 'self' 'unsafe-inline';"
+ headers["permissions-policy"] = (
+ "geolocation=(), midi=(), camera=(), usb=(), "
+ "magnetometer=(), accelerometer=(), vr=(), speaker=(), "
+ "ambient-light-sensor=(), gyroscope=(), microphone=()"
+ )
 if not DEBUG:
 headers[
 "strict-transport-security"
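Review bot: The new `content-security-policy` value still leaves `base-uri`, `form-action` and `frame-ancestors` unset, and these three directives do not fall back to `default-src`, so the policy does not restrict `<base>` targets, form submission destinations or framing by other origins. If no page posts a form cross-origin and the site is never meant to be embedded, the value could become `"default-src 'self'; style-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self'; frame-ancestors 'none';"`; framing may already be covered by a header set outside this hunk, which is not visible here. In the `permissions-policy` string, `vr` and `speaker` look like legacy Feature-Policy names that current browsers likely ignore (possibly with a console warning), so they probably add no protection and are worth verifying against the supported feature list. The enclosing method of `CustomMiddleware` starts and ends outside the hunk, so the remaining headers could not be reviewed.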