From d2a0fd14e05ef6b0b9fca454f8996faf86f94204 Mon Sep 17 00:00:00 2001
From: Anoduck <9925396+anoduck@users.noreply.github.com>
Date: Sun, 8 Sep 2024 14:54:54 +0000
Subject: Initial commit
---
config/_default/server.toml | 40 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 40 insertions(+)
create mode 100644 config/_default/server.toml
(limited to 'config/_default/server.toml')
diff --git a/config/_default/server.toml b/config/_default/server.toml
new file mode 100644
index 0000000..c80d88d
--- /dev/null
+++ b/config/_default/server.toml
@@ -0,0 +1,40 @@
+[[headers]]
+for = '/**'
+[headers.values]
+ Strict-Transport-Security = "max-age=31536000; includeSubDomains; preload"
+ X-Content-Type-Options = "nosniff"
+ X-XSS-Protection = "1; mode=block"
+ Content-Security-Policy = """\
+ default-src 'self'; \
+ script-src 'self' https://*.google-analytics.com https://*.googletagmanager.com; \
+ style-src 'self' https://fonts.googleapis.com https://www.youtube.com; \
+ object-src 'none'; \
+ base-uri 'self'; \
+ connect-src 'self'
+ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; \
+ font-src 'self' https://fonts.gstatic.com; \
+ frame-src 'self' https://www.youtube-nocookie.com https://www.youtube.com; \
+ img-src 'self' data: https://i.vimeocdn.com https://i.ytimg.com https://*.google-analytics.com https://*.googletagmanager.com https://tile.openstreetmap.org; \
+ manifest-src 'self'; \
+ media-src 'self' \
+ """
+ X-Frame-Options = "SAMEORIGIN"
+ Referrer-Policy = "strict-origin"
+ Permissions-Policy = """\
+ geolocation=(), \
+ midi=(), \
+ sync-xhr=(), \
+ microphone=(), \
+ camera=(), \
+ magnetometer=(), \
+ gyroscope=(), \
+ fullscreen=(), \
+ payment=() \
+ """
+ cache-control = """\
+ max-age=0, \
+ no-cache, \
+ no-store, \
+ must-revalidate \
+ """
+ Access-Control-Allow-Origin = "*"
-- cgit v1.2.3
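Review bot: `Access-Control-Allow-Origin = "*"` on the last added line sits under `for = '/**'`, so every response this server returns is readable from any origin; if cross-origin reads are not required, drop the header, or move it to a separate `[[headers]]` entry whose `for` pattern covers only the paths that need it. In the `Content-Security-Policy` string, `connect-src 'self'` is the only line without the trailing `\`, so the multi-line string keeps a raw newline in the header value (how the server emits that is not visible here); ending it as `connect-src 'self' \` keeps the policy on one line like the other directives. `X-XSS-Protection = "1; mode=block"` turns on a legacy browser filter that current guidance recommends disabling with `"0"` in favour of the CSP. The CSP could also add `frame-ancestors 'self'; form-action 'self'`, since neither directive falls back to `default-src`.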