Security Headers

Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2022-07-17 21:26:32 -04:00 committed by tommytran732
parent 758f950697
commit a3db8dbb94
No known key found for this signature in database
GPG Key ID: 060B29EB996BD9F2
2 changed files with 41 additions and 3 deletions

View File

@ -50,10 +50,10 @@ params:
url: tags
socialIcons:
- name: matrix
url: "https://matrix.to/#/#privsec:arcticfoxes.net"
- name: github
url: "https://github.com/PrivSec-dev"
- name: matrix
url: "https://matrix.to/#/#privsec:arcticfoxes.net"
- name: email
url: "mailto:contact@privsec.dev"
- name: rss

View File

@ -1,6 +1,44 @@
{
"hosting": {
"public": "public",
"headers": [
{
"key": "Content-Security-Policy",
"value": "upgrade-insecure-requests; block-all-mixed-content; form-action 'none'; frame-ancestors 'self'"
},
{
"key": "X-Content-Type-Options",
"value": "nosniff"
},
{
"key": "Referrer-Policy",
"value": "no-referrer"
},
{
"key": "Cross-Origin-Opener-Policy",
"value": "same-origin"
},
{
"key": "Cross-Origin-Embedder-Policy",
"value": "require-corp"
},
{
"key": "X-Frame-Options",
"value": "DENY"
},
{
"key": "X-XSS-Protection",
"value": "0"
},
{
"key": "Permissions-Policy",
"value": "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()"
},
{
"key": "Cross-Origin-Resource-Policy",
"value": "same-origin"
}
],
"ignore": [
"firebase.json",
"**/.*",