rmorawski/standardnotes-app-web
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Security headers

Browse Source
This commit is contained in:
Mo Bitar
2019-10-21 16:11:49 -05:00
parent 2de2781d55
commit fa7f578ba4
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
config/application.rb
View File

@@ -29,7 +29,10 @@ module StandardNotes
} }
SecureHeaders::Configuration.default do |config| SecureHeaders::Configuration.default do |config|
config.x_frame_options = "ALLOWALL" config.x_frame_options = "SAMEORIGIN"
config.x_content_type_options = "nosniff"
config.x_xss_protection = "1; mode=block"
config.hsts = "max-age=#{1.week.to_i}"
config.csp = { config.csp = {
# "meta" values. these will shape the header, but the values are not included in the header. # "meta" values. these will shape the header, but the values are not included in the header.
preserve_schemes: true, # default: false. Schemes are removed from host sources to save bytes and discourage mixed content. preserve_schemes: true, # default: false. Schemes are removed from host sources to save bytes and discourage mixed content.