privacyguides/privacyguides.org
1
0
Fork 0
mirror of https://github.com/privacyguides/privacyguides.org.git synced 2025-07-24 12:21:09 +00:00
Code Issues Activity

Stop using Netlify for production hosting (#2472)

Browse Source 
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
This commit is contained in:
Jonah Aragon
2024-04-02 09:51:56 +00:00
committed by Daniel Gray
parent 1372587017
commit b536928661
22 changed files with 427 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
config/caddy/common/30-headers.caddy Normal file
View File

@@ -0,0 +1,16 @@
header X-Frame-Options SAMEORIGIN
header X-Content-Type-Options nosniff
header X-XSS-Protection 0
vars pg_csp_self "https://www.privacyguides.org https://cdn.privacyguides.org 'self'"
# You can check whether a CSP directive will fall back to default-src on MDN.
# Add CSP directives WITH a default-src fallback here:
header +Content-Security-Policy "default-src 'none'; script-src {vars.pg_csp_self} 'unsafe-inline'; style-src {vars.pg_csp_self} 'unsafe-inline'; font-src {vars.pg_csp_self} data:; img-src data: {vars.pg_csp_self}; connect-src https://api.github.com https://*.privacyguides.net {vars.pg_csp_self}; frame-src https://*.privacyguides.net https://snowflake.torproject.org {vars.pg_csp_self}"
# Add CSP directives WITHOUT a default-src fallback here:
header +Content-Security-Policy "form-action 'self'; frame-ancestors 'none'; base-uri 'none'; sandbox allow-scripts allow-popups allow-same-origin;"
header Permissions-Policy "browsing-topics=(), conversion-measurement=(), interest-cohort=(), accelerometer=(), ambient-light-sensor=(), battery=(), camera=(), display-capture=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), usb=()"
header Access-Control-Allow-Origin "*"
header @static Cache-Control max-age=2592000