From c8e8dfae41f2146ea15c42ba18a57b661ac991b6 Mon Sep 17 00:00:00 2001 From: Fabrice Bellamy <12b@distrilab.fr> Date: Mon, 21 Oct 2024 17:13:31 +0200 Subject: [PATCH] Add secure headers middlware in dev config --- nixin_farm_ssr/config/development.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/nixin_farm_ssr/config/development.yaml b/nixin_farm_ssr/config/development.yaml index 020e45c..0cf43c6 100644 --- a/nixin_farm_ssr/config/development.yaml +++ b/nixin_farm_ssr/config/development.yaml @@ -68,6 +68,16 @@ server: # (client-block-end) # + # ############################################# + # Secure headers middleware + # ############################################# + secure_headers: + preset: github + overrides: + # this allows you to use HTMX, and has unsafe-inline. Remove or consider in production + "Content-Security-Policy": "default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-inline' 'self' https:; style-src 'self' https: 'unsafe-inline'" + + # Worker Configuration workers: # specifies the worker mode. Options:
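Review bot: The `script-src 'unsafe-inline' 'self' https:` directive in the added `Content-Security-Policy` override permits inline scripts and scripts loaded from any HTTPS origin, so the policy gives essentially no protection against injected script, while the comment above it mentions only `unsafe-inline`. In a development config the relaxation is defensible, but "Remove or consider in production" is vague enough that the block could be copied into a production file unchanged. I would make the comment explicit, e.g. `# DEV ONLY: 'unsafe-inline' and the bare https: source in script-src defeat CSP's XSS protection; in production drop this override or use nonces/hashes with an explicit host list`. The override also replaces the preset's whole CSP value rather than extending it, so any directive the `github` preset sets that is not repeated in this string is presumably lost; that is worth confirming against the preset. The `server:` mapping that this block sits in begins outside the hunk.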