changeset 204:1901cf7bac55 puppet-3.6

Increase the security for the common CSP headers
author IBBoard <dev@ibboard.co.uk>
date Wed, 29 May 2019 19:52:31 +0100
parents 6813609829e3
children ef5dadecfb0b
files modules/website/files/zzz-0-custom.conf
diffstat 1 files changed, 1 insertions(+), 1 deletions(-) [+]
--- a/modules/website/files/zzz-0-custom.conf	Wed May 29 19:51:42 2019 +0100
+++ b/modules/website/files/zzz-0-custom.conf	Wed May 29 19:52:31 2019 +0100
@@ -91,6 +91,6 @@
 
 Header always set Referrer-Policy "no-referrer-when-downgrade"
 Header always set Expect-CT "max-age=0, report-uri='https://ibboard.report-uri.io/r/default/ct/reportOnly'"
-Header always set Content-Security-Policy "upgrade-insecure-requests"
+Header always set Content-Security-Policy "upgrade-insecure-requests; frame-ancestors 'none'; base-uri 'none'"
 Header always set Content-Security-Policy-Report-Only "default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; font-src 'self'"
 #; report-uri https://ibboard.report-uri.com/r/d/csp/reportOnly"
\ No newline at end of file
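Review bot: The two directives added to the enforced `Content-Security-Policy` line take effect with no way to see what they break, because that policy has no `report-uri` and the reporting endpoint on the Report-Only header below is commented out. `frame-ancestors 'none'` forbids all framing, same-origin included, and `base-uri 'none'` forbids any `<base>` element, so a site that relies on either (presumably every site sharing this common file is affected) would fail only in the visitor's browser. Consider trialling both in the Report-Only header with reporting enabled first, and add a comment above the line such as `# Enforced for all sites: no framing at all, no <base> element; relax per site if needed`. Browsers without CSP Level 2 support ignore `frame-ancestors`, so if `X-Frame-Options` is not already set earlier in the file (the hunk starts at line 91), `Header always set X-Frame-Options "DENY"` would be the matching fallback.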