all repos — searchix @ b53769462bf830f860b7d741a3d0801afdbc9aa2

Search engine for NixOS, nix-darwin, home-manager and NUR users

feat: make security headers stricter

Alan Pearce
commit

b53769462bf830f860b7d741a3d0801afdbc9aa2

parent

4698a97974ae82e7bd8592828c58294b222a58ff

1 file changed, 8 insertions(+), 6 deletions(-)

changed files
M defaults.tomldefaults.toml
@@ -20,16 +20,16 @@ ExtraHeadHTML = ''
 
 # Content-Security-Policy header to send with requests. Should only need changing if ExtraHeadHTML is used.
 [Web.ContentSecurityPolicy]
-base-uri = []
+base-uri = ["'none'"]
 block-all-mixed-content = false
 child-src = []
-connect-src = []
-default-src = ["'self'"]
+connect-src = ["'self'"]
+default-src = ["'none'"]
 font-src = []
-form-action = []
+form-action = ["'self'"]
 frame-ancestors = []
 frame-src = []
-img-src = []
+img-src = ["'self'"]
 manifest-src = []
 media-src = []
 navigate-to = []

@@ -45,7 +45,7 @@ sandbox = ''
 script-src = []
 script-src-attr = []
 script-src-elem = []
-style-src = []
+style-src = ["'self'"]
 style-src-attr = []
 style-src-elem = []
 trusted-types = []

@@ -54,7 +54,9 @@ worker-src = []
 
 # Extra headers to send with HTTP requests
 [Web.Headers]
+strict-transport-security = 'max-age=31536000'
 x-content-type-options = 'nosniff'
+x-frame-options = 'DENY'
 
 # Settings for the import job
 [Importer]