29 lines
603 B
YAML
29 lines
603 B
YAML
# Sets
|
|
#
|
|
# Should yield the follwoiung header:
|
|
# "Content-Security-Policy: default-src 'self';
|
|
# script-src 'self' example.com;object-src 'none';
|
|
# upgrade-insecure-requests"
|
|
# Note: embedded single quotes are required
|
|
default-src: [ "'self'" ]
|
|
base-uri: [ "'self'" ]
|
|
font-src:
|
|
- "'self'"
|
|
- "https:"
|
|
- "data:"
|
|
form-action: [ "'self'" ]
|
|
frame-ancestors: [ "'self'" ]
|
|
img-src:
|
|
- "'self'"
|
|
- "data:"
|
|
object-src: [ "'none'" ]
|
|
script-src:
|
|
- "'self'"
|
|
- example.com
|
|
script-src-attr: [ "'none'" ]
|
|
style-src:
|
|
- "'self'"
|
|
- "https:"
|
|
- "'unsafe-inline'"
|
|
upgrade-insecure-requests: []
|