httpjamesm
c680a81ce3
feat: monorepo, turbo config, minimal pkgs
2023-04-18 17:29:40 -04:00
Manav
2373dab221
Add the URL of the secondary hot storage in the CSP whitelist
...
Tested by: making this change, and connecting to Phoenix museum (which serves
the secondary hot storage), and verifying that the CSP policy reports that were
getting logged to console no longer appear.
2023-01-06 19:18:52 +05:30
Abhinav
7117669491
block object src to none
2022-03-02 15:44:53 +05:30
Abhinav
1296e961d6
allow blob uri as child-src
2022-03-02 15:42:56 +05:30
Abhinav
b95223185d
update csp
2022-03-01 10:35:01 +05:30
Abhinav
6b7885711c
fix malformatted csp directive
2022-02-25 12:13:51 +05:30
Abhinav
ab63fe86cd
update _header file with new CSP headers
2022-02-20 19:08:27 +05:30
Abhinav
72ed18f7aa
change csp to report only for deployment
2022-01-04 11:16:54 +05:30
Abhinav
b789e628ae
fix b2 domain for connect-src
2022-01-04 11:04:05 +05:30
Abhinav
db3820aba0
add b2 upload URL domain to connect-src
2022-01-03 18:33:12 +05:30
Abhinav
09e4f89aa8
allow blob for script src
2022-01-03 16:02:18 +05:30
Abhinav
9c0f123fb9
allow blob for connect-src
2022-01-03 15:35:41 +05:30
Abhinav
52f0ac0027
update csp report URL
2022-01-03 15:10:01 +05:30
Abhinav
6e62f312bf
update to use ente domain url for workers instead of worker.dev cf domains
2021-12-20 15:51:24 +05:30
Abhinav
7b739ae003
add suggested observatory header
2021-12-03 20:38:03 +05:30
Abhinav
7df09a17ea
cleanup
2021-12-03 20:20:56 +05:30
Abhinav
5df92125f5
add unsafe eval to allow heif.js new Function() call
2021-12-03 17:23:16 +05:30
Abhinav
949dd07821
activate content security policy
2021-12-03 14:41:03 +05:30
Abhinav
5931bf87d0
add data: protocol for connect-src and remove require trusted for script
2021-12-03 14:40:12 +05:30
Abhinav
59b3745dbd
add unsafe inline to style-src
...
no good solution to implement nonce and hash exists currently
https://github.com/styled-components/styled-components/issues/2363
https://github.com/vercel/next.js/issues/18557#issuecomment-768205738
2021-12-02 15:28:17 +05:30
Abhinav
e7bed748c4
fix report-uri
2021-12-02 14:49:11 +05:30
Abhinav
a8ad8b22ff
add missing report to and reporturi to
2021-12-02 14:47:00 +05:30
Abhinav
4b032058d7
move all directive except script-src to header
2021-12-02 14:33:36 +05:30
Abhinav
d88e64b2c4
add mode block to xss protection
2021-12-02 13:02:38 +05:30
Abhinav
87f3f7aa67
add Referrer-Policy header
2021-12-02 12:29:00 +05:30
Abhinav
366a283f65
move csp to meta tag in document to add inline script hash
2021-12-02 12:03:25 +05:30
Abhinav
4580470812
changed object src to none
2021-12-02 10:12:47 +05:30
Abhinav
d297b82887
fix csp self value, by adding quotes
2021-12-01 20:15:11 +05:30
Abhinav
bfd869503d
update csp to report only and add report URI
2021-12-01 18:37:10 +05:30
Abhinav
ec699c148f
added cloudflare headers config file
2021-12-01 12:39:35 +05:30