authorAlan Pearce2024-05-30 14:01:35 +0200
committerAlan Pearce2024-05-30 14:01:35 +0200
commitb53769462bf830f860b7d741a3d0801afdbc9aa2 (patch)
tree1cdfffca23900dcf54cfa1f78e6012a73221a042 /defaults.toml
parent4698a97974ae82e7bd8592828c58294b222a58ff (diff)
feat: make security headers stricter
Diffstat (limited to 'defaults.toml')
-rw-r--r--defaults.toml14
1 files changed, 8 insertions, 6 deletions
diff --git a/defaults.toml b/defaults.toml
index 3822d02..6285de0 100644
--- a/defaults.toml
+++ b/defaults.toml
@@ -20,16 +20,16 @@ ExtraHeadHTML = ''
 
 # Content-Security-Policy header to send with requests. Should only need changing if ExtraHeadHTML is used.
 [Web.ContentSecurityPolicy]
-base-uri = []
+base-uri = ["'none'"]
 block-all-mixed-content = false
 child-src = []
-connect-src = []
-default-src = ["'self'"]
+connect-src = ["'self'"]
+default-src = ["'none'"]
 font-src = []
-form-action = []
+form-action = ["'self'"]
 frame-ancestors = []
 frame-src = []
-img-src = []
+img-src = ["'self'"]
 manifest-src = []
 media-src = []
 navigate-to = []
@@ -45,7 +45,7 @@ sandbox = ''
 script-src = []
 script-src-attr = []
 script-src-elem = []
-style-src = []
+style-src = ["'self'"]
 style-src-attr = []
 style-src-elem = []
 trusted-types = []
@@ -54,7 +54,9 @@ worker-src = []
 
 # Extra headers to send with HTTP requests
 [Web.Headers]
+strict-transport-security = 'max-age=31536000'
 x-content-type-options = 'nosniff'
+x-frame-options = 'DENY'
 
 # Settings for the import job
 [Importer]
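Review bot: The new strict-transport-security line carries no comment on its unit or scope, so a reader has to decode 31536000 and notice that includeSubDomains and preload are absent; a trailing `# 1 year, in seconds; no includeSubDomains/preload` would document that. Browsers only honour HSTS received over TLS, so if TLS is terminated in front of this service the header only takes effect when the proxy forwards it unchanged — worth a note if that is the expected deployment.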