Add secure headers middlware in dev config

2024-10-21 17:13:31 +02:00 · 2024-10-21 17:13:31 +02:00 · c8e8dfae41
commit c8e8dfae41
parent d1102dcf8b
1 changed files with 10 additions and 0 deletions
--- a/nixin_farm_ssr/config/development.yaml
+++ b/nixin_farm_ssr/config/development.yaml
@ -68,6 +68,16 @@ server:
    # (client-block-end)
    #

+    # #############################################
+    # Secure headers middleware
+    # #############################################
+    secure_headers:
+        preset: github
+        overrides:
+            # this allows you to use HTMX, and has unsafe-inline. Remove or consider in production
+            "Content-Security-Policy": "default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-inline' 'self' https:; style-src 'self' https: 'unsafe-inline'"
+
+
 # Worker Configuration
 workers:
  # specifies the worker mode. Options: