This repository has been archived by the owner on Mar 16, 2023. It is now read-only.

improved CSP to contain form-action and experimental require-sri-for
yahesh committed Jan 8, 2018
1 parent 1fc8b4b commit 2eef6cd
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions README.md
@@ -68,13 +68,13 @@ server {

Furthermore the following HTTP headers have to be set (Nginx example):
```
add_header Content-Security-Policy "default-src 'self'; frame-ancestors 'self'";
add_header Content-Security-Policy "default-src 'self'; form-action 'self'; frame-ancestors 'self'; require-sri-for script style";
add_header Referrer-Policy "same-origin";
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload";
add_header X-Content-Security-Policy "default-src 'self'; frame-ancestors 'self'";
add_header X-Content-Security-Policy "default-src 'self'; form-action 'self'; frame-ancestors 'self'; require-sri-for script style";
add_header X-Content-Type-Options "nosniff";
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Webkit-CSP "default-src 'self'; frame-ancestors 'self'";
add_header X-Webkit-CSP "default-src 'self'; form-action 'self'; frame-ancestors 'self'; require-sri-for script style";
add_header X-XSS-Protection "1; mode=block";
```
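Review bot: `require-sri-for script style` should be documented as non-enforcing, or left out of the recommended policy, because the directive never left its experimental status (flag-gated in the browsers that tried it) and has since been dropped from the CSP specification, so a browser that receives the new `Content-Security-Policy` line simply ignores that token; a browser that did honour it would refuse every script and stylesheet served without an `integrity` attribute, which the README does not tell the reader to add. The `form-action 'self'` addition is a genuine hardening gain and worth keeping: `form-action` does not fall back to `default-src`, so before this change form submissions to any origin were still allowed. The same policy is now repeated verbatim in `X-Content-Security-Policy` and `X-Webkit-CSP`; both prefixed headers are obsolete, and the old Firefox/IE10 `X-Content-Security-Policy` parser used different directive names, so these lines add nothing for current browsers while tripling the places a future edit has to keep in sync. Suggest dropping the two `X-` lines (or adding a one-line note that they exist only for legacy browsers and must mirror the main header), e.g. keep only:

`add_header Content-Security-Policy "default-src 'self'; form-action 'self'; frame-ancestors 'self'";`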


0 comments on commit 2eef6cd