Unverified Commit ea8597d1 authored by zzz's avatar zzz

Console: Add preliminary Permissions-Policy header

other places TODO
parent 970be350
......@@ -48,9 +48,10 @@
// unsafe-inline is a fallback for browsers not supporting nonce
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'nonce-" + cspNonce + "'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; media-src 'none'");
response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("X-Content-Type-Options", "nosniff");
}
response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("X-Content-Type-Options", "nosniff");
response.setHeader("Permissions-Policy", "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture(), fullscreen=(self), geolocation=(), gyroscope=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), usb=(), vibrate=(), vr=()");
// https://www.w3.org/TR/referrer-policy/
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
// As of Chrome 56, Firefox 50, Opera 43. "same-origin" not widely supported.
......
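Review bot: The `display-capture()` entry in the added Permissions-Policy value is missing its `=`, unlike every other member of the list. The header is specified as a structured-field dictionary, so a conforming parser should reject the malformed member and drop the whole header, which would leave none of the listed features restricted; write it as `display-capture=()`. Some of the names (`vibrate`, `vr`, `interest-cohort`) appear to come from older Feature-Policy or experimental lists and are probably ignored by current browsers, so a short comment such as `// unknown feature names are ignored by the browser; list is deliberately broad` would help the next reader. The three headers now sit after the closing `}` and are sent on every response. The enclosing method starts and ends outside the hunk, so I cannot confirm from here that this is reached on all code paths.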