Mercurial > repos > other > Puppet
changeset 204:1901cf7bac55 puppet-3.6
Increase the security for the common CSP headers
| author | IBBoard <dev@ibboard.co.uk> |
|---|---|
| date | Wed, 29 May 2019 19:52:31 +0100 |
| parents | 6813609829e3 |
| children | ef5dadecfb0b |
| files | modules/website/files/zzz-0-custom.conf |
| diffstat | 1 files changed, 1 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/modules/website/files/zzz-0-custom.conf Wed May 29 19:51:42 2019 +0100 +++ b/modules/website/files/zzz-0-custom.conf Wed May 29 19:52:31 2019 +0100 @@ -91,6 +91,6 @@ Header always set Referrer-Policy "no-referrer-when-downgrade" Header always set Expect-CT "max-age=0, report-uri='https://ibboard.report-uri.io/r/default/ct/reportOnly'" -Header always set Content-Security-Policy "upgrade-insecure-requests" +Header always set Content-Security-Policy "upgrade-insecure-requests; frame-ancestors 'none'; base-uri 'none'" Header always set Content-Security-Policy-Report-Only "default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; font-src 'self'" #; report-uri https://ibboard.report-uri.com/r/d/csp/reportOnly" \ No newline at end of file