Tweak security headers

Thomas Sileo 2022-07-16 08:21:15 +02:00
parent a6fd8632a6
commit 42b23b4b01


@ -133,7 +133,12 @@ class CustomMiddleware:
# TODO(ts): disallow inline CSS?
headers[
"content-security-policy"
] = "default-src 'self' style-src 'unsafe-inline';"
] = "default-src 'self'; style-src 'self' 'unsafe-inline';"
headers["permissions-policy"] = (
"geolocation=(), midi=(), camera=(), usb=(), "
"magnetometer=(), accelerometer=(), vr=(), speaker=(), "
"ambient-light-sensor=(), gyroscope=(), microphone=()"
)
if not DEBUG:
headers[
"strict-transport-security"
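Review bot: The corrected `content-security-policy` string still omits the directives that do not fall back to `default-src` (`frame-ancestors`, `base-uri` and `form-action`), so this policy puts no limit on who may frame the pages or on where a `<base>` tag or a form may point. Consider extending the value to `"default-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; base-uri 'self';"`, and adding `form-action 'self'` once you have confirmed that no form posts or redirects off-origin. In the added `permissions-policy` value, `vr` and `speaker` are, as far as I know, no longer recognised feature names (the current ones are `xr-spatial-tracking` and `speaker-selection`), so those two entries are probably ignored with a console warning. The enclosing method starts and ends outside the hunk, so an `x-frame-options` header may already be set elsewhere.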