diff --git a/nixin_farm_ssr/config/development.yaml b/nixin_farm_ssr/config/development.yaml
index 020e45c..0cf43c6 100644
--- a/nixin_farm_ssr/config/development.yaml
+++ b/nixin_farm_ssr/config/development.yaml
@@ -68,6 +68,16 @@ server:
 # (client-block-end)
 #
+ # #############################################
+ # Secure headers middleware
+ # #############################################
+ secure_headers:
+ preset: github
+ overrides:
+ # this allows you to use HTMX, and has unsafe-inline. Remove or consider in production
+ "Content-Security-Policy": "default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-inline' 'self' https:; style-src 'self' https: 'unsafe-inline'"
+
+
 # Worker Configuration
 workers:
 # specifies the worker mode. Options:
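Review bot: The `Content-Security-Policy` override puts `'unsafe-inline'` in `script-src` next to the bare `https:` scheme source, so inline script and script loaded from any HTTPS host both satisfy the policy, and the header offers very little XSS mitigation while this value is in place. The comment above it ("Remove or consider in production") does not say which token is the concern or what to use instead; I would reword it to `# DEV ONLY: 'unsafe-inline' in script-src disables CSP's inline-script protection. Do not copy this override into the production config; use a nonce or hash for inline scripts.` If inline script is needed only for HTMX, its `inlineScriptNonce` config option may allow dropping the override, which is worth confirming against the HTMX version in use. The policy also sets no `base-uri`, `form-action` or `frame-ancestors`, none of which fall back to `default-src`.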