Tweak security headers
parent
a6fd8632a6
commit
42b23b4b01
|
@ -133,7 +133,12 @@ class CustomMiddleware:
|
||||||
# TODO(ts): disallow inline CSS?
|
# TODO(ts): disallow inline CSS?
|
||||||
headers[
|
headers[
|
||||||
"content-security-policy"
|
"content-security-policy"
|
||||||
] = "default-src 'self' style-src 'unsafe-inline';"
|
] = "default-src 'self'; style-src 'self' 'unsafe-inline';"
|
||||||
|
headers["permissions-policy"] = (
|
||||||
|
"geolocation=(), midi=(), camera=(), usb=(), "
|
||||||
|
"magnetometer=(), accelerometer=(), vr=(), speaker=(), "
|
||||||
|
"ambient-light-sensor=(), gyroscope=(), microphone=()"
|
||||||
|
)
|
||||||
if not DEBUG:
|
if not DEBUG:
|
||||||
headers[
|
headers[
|
||||||
"strict-transport-security"
|
"strict-transport-security"
|
||||||
|
|
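Review bot: In the new `permissions-policy` value, `vr` and `speaker` are not feature names that current browsers recognise (they come from older Feature-Policy drafts), so those two entries are ignored, typically with a console warning, and restrict nothing. If the intent is to switch off the successor features, the second string would become `"magnetometer=(), accelerometer=(), xr-spatial-tracking=(), speaker-selection=(), "`; otherwise the two tokens can simply be dropped. Separately, the corrected CSP still leaves `base-uri`, `form-action` and `frame-ancestors` unrestricted, because `default-src` is not a fallback for them; appending something like `base-uri 'self'; frame-ancestors 'none';` is worth considering unless framing is already handled elsewhere, which this hunk does not show. The enclosing method of `CustomMiddleware` starts and ends outside the hunk.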