2373dab221
Tested by: making this change, and connecting to Phoenix museum (which serves the secondary hot storage), and verifying that the CSP policy reports that were getting logged to console no longer appear.
13 lines
924 B
Plaintext
/*
  Cache-Control: no-store, must-revalidate
  Cross-Origin-Embedder-Policy: require-corp
  Cross-Origin-Opener-Policy: same-origin
  Strict-Transport-Security: max-age=63072000
  X-Content-Type-Options: nosniff
  X-Download-Options: noopen
  X-Frame-Options: deny
  X-XSS-Protection: 1; mode=block
  Referrer-Policy: same-origin
  Content-Security-Policy-Report-Only: default-src 'self'; img-src 'self' blob: data:; media-src 'self' blob:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-eval' blob:; manifest-src 'self'; child-src 'self' blob:; object-src 'none'; connect-src 'self' https://*.ente.io data: blob: https://ente-prod-eu.s3.eu-central-003.backblazeb2.com https://ente-prod-v3.s3.eu-central-2.wasabisys.com/ ; base-uri 'self'; frame-ancestors 'none'; form-action 'none'; report-uri https://csp-reporter.ente.io; report-to https://csp-reporter.ente.io;