octo/microblog.pub
1
0
Fork 0
mirror of https://git.sr.ht/~tsileo/microblog.pub synced 2025-06-05 21:59:23 +02:00
Code Issues Projects Releases Wiki Activity

Tweak security headers

Browse Source
This commit is contained in:
Thomas Sileo
2022-07-16 08:21:15 +02:00
parent a6fd8632a6
commit 42b23b4b01
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
app/main.py
View File

@ -133,7 +133,12 @@ class CustomMiddleware:
# TODO(ts): disallow inline CSS?
headers[
"content-security-policy"
] = "default-src 'self' style-src 'unsafe-inline';"
] = "default-src 'self'; style-src 'self' 'unsafe-inline';"
headers["permissions-policy"] = (
"geolocation=(), midi=(), camera=(), usb=(), "
"magnetometer=(), accelerometer=(), vr=(), speaker=(), "
"ambient-light-sensor=(), gyroscope=(), microphone=()"
)
if not DEBUG:
headers[
"strict-transport-security"