1
0
angie-conv-image/angie/j2cfg.dist/add-response-headers.yml

12 lines
676 B
YAML

add_response_headers:
Access-Control-Allow-Origin: "*"
Access-Control-Allow-Headers: "Origin, X-Requested-With, Content-Type, Accept, Authorization"
Access-Control-Allow-Methods: "GET, HEAD, POST, PUT, DELETE, OPTIONS"
Content-Security-Policy: "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self';"
Permissions-Policy: "microphone=(), camera=(), geolocation=(), interest-cohort=()"
Referrer-Policy: "no-referrer-when-downgrade"
Strict-Transport-Security: "max-age=31536000; includeSubDomains; preload"
X-Content-Type-Options: "nosniff"
X-Frame-Options: "SAMEORIGIN"
X-XSS-Protection: "1; mode=block"