1 file changed +3 -14 lines changed
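--- a/workshops/modernizr/clean-start/frontend/public
+++ b/workshops/modernizr/clean-start/frontend/public
@@ -3,22 +3,11 @@
 < head >
 < meta charset ="utf-8 " />
 < link rel ="icon " href ="%PUBLIC_URL%/favicon.ico " />
-< meta name ="viewport " content ="width=device-width, initial-scale=1 " />
+< meta name ="viewport " content ="default-src 'self'; upgrade-insecure-requests; script-src 'self'; style-src 'self'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https:; media-src 'self'; object-src 'none'; child-src 'none'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; " />
 
-<!-- Security Headers - Development-friendly CSP -->
+<!-- Security Headers - Environment-based CSP -->
 < meta http-equiv ="Content-Security-Policy "
-content ="default-src 'self';
-script-src 'self' 'unsafe-inline' 'unsafe-eval';
-style-src 'self' 'unsafe-inline';
-img-src 'self' data: https: blob:;
-font-src 'self' data:;
-connect-src 'self' http://localhost:* ws://localhost:* wss://localhost:*;
-media-src 'self';
-object-src 'none';
-child-src 'none';
-frame-ancestors 'none';
-base-uri 'self';
-form-action 'self'; ">
+content ="default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https: blob:; font-src 'self' data:; connect-src 'self' http://localhost:* ws://localhost:* wss://localhost:*; media-src 'self'; object-src 'none'; child-src 'none'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; ">
 < meta http-equiv ="X-Frame-Options " content ="DENY ">
 < meta http-equiv ="X-Content-Type-Options " content ="nosniff ">
 < meta http-equiv ="X-XSS-Protection " content ="1; mode=block ">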
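Review bot: New line 6 puts a strict CSP string into the `content` of `<meta name="viewport">`, where the browser never treats it as a policy and the page loses its responsive viewport settings; restore `<meta name="viewport" content="width=device-width, initial-scale=1" />`. The policy that is actually enforced, on new line 10, has the same directives as the removed multi-line one, so `'unsafe-inline'`, `'unsafe-eval'` and the `localhost:*` connect sources still apply in every build. The renamed comment "Environment-based CSP" therefore describes nothing visible in this section. If the strict policy on line 6 is meant for production, it should be sent as a `Content-Security-Policy` response header or substituted at build time. That matters here because `frame-ancestors` is ignored when a policy arrives through a meta element, and `X-Frame-Options` in `<meta http-equiv>` is likewise not honoured by browsers. The `<head>` element continues outside this section.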