colin
/
resume
1
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update docker/resume/Caddyfile
ci/woodpecker/push/woodpecker Pipeline failed Details

This commit is contained in:
colin 2025-03-31 00:14:49 -04:00
parent 12f3ca9a3b
commit 2e9c196d8a
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
docker/resume/Caddyfile
View File

@ -6,15 +6,15 @@
# Security headers # Security headers
header { header {
# HSTS # HSTS
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" Strict-Transport-Security "max-age=31536000; includeSubDomains"
# Basic security headers # Basic security headers
X-Frame-Options "SAMEORIGIN" X-Frame-Options "DENY"
X-Content-Type-Options "nosniff" X-Content-Type-Options "nosniff"
Referrer-Policy "strict-origin-when-cross-origin" Referrer-Policy "strict-origin-when-cross-origin"
# Permissions policy # Permissions policy
Permissions-Policy "camera=(), microphone=(), geolocation=(), accelerometer=(), gyroscope=(), magnetometer=(), payment=(), usb=()" Permissions-Policy "geolocation=(), microphone=(), camera=()"
# Cross-origin isolation headers # Cross-origin isolation headers
Cross-Origin-Embedder-Policy "require-corp" Cross-Origin-Embedder-Policy "require-corp"
@ -22,7 +22,7 @@
Cross-Origin-Opener-Policy "same-origin" Cross-Origin-Opener-Policy "same-origin"
# Simplified CSP for static content # Simplified CSP for static content
Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; base-uri 'self'; form-action 'self'" Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none';"
} }
# Handle 404s # Handle 404s