From f91b21742c5f6880e56ae96e1bd94861d217b101 Mon Sep 17 00:00:00 2001 From: Alan Pearce Date: Sat, 16 Sep 2023 12:58:25 +0200 Subject: Send HSTS header from Fly proxy Bun seems to eat this header otherwise
---
 config.toml | 3 +--
 fly.toml | 2 ++
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/config.toml b/config.toml
index 7dbffcc..f7ec542 100644
--- a/config.toml
+++ b/config.toml
@@ -28,8 +28,7 @@ webserver_sends_csp_headers = true
 [extra.headers]
 cache-control = "max-age=14400"
 x-content-type-options = "nosniff"
-strict-transport-security = "max-age=31536000; includeSubdomains; preload"
-content-security-policy = "default-src 'none'; img-src 'self'; object-src 'none'; script-src 'self'; style-src 'unsafe-inline'; form-action 'none'; base-uri 'self'"
+content-security-policy = "default-src 'none'; img-src 'self'; object-src 'none'; script-src 'self'; style-src 'unsafe-inline'; form-action 'none'; base-uri 'self'; frame-ancestors https://kagi.com;"
 [[extra.main_menu]]
 name = "Posts"
diff --git a/fly.toml b/fly.toml
index d58112b..6d8757f 100644
--- a/fly.toml
+++ b/fly.toml
@@ -19,3 +19,5 @@ primary_region = "ams"
 auto_start_machines = true
 min_machines_running = 3
 processes = ["app"]
+[http_service.http_options.response.headers]
+ Strict-Transport-Security = "max-age=31536000; includeSubdomains; preload"
-- cgit 1.4.1
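Review bot: The `frame-ancestors https://kagi.com;` directive appended to `content-security-policy` in `[extra.headers]` is not covered by the commit message, which only describes the HSTS move. It changes the framing policy: only kagi.com may embed the pages, and as written the site's own origin is not listed. Browsers honour `frame-ancestors` only when the policy arrives as an HTTP response header, not from a `<meta>` tag, so it takes effect only if the `webserver_sends_csp_headers = true` path really delivers this value. I would add a comment above the key, e.g. `# frame-ancestors: only kagi.com may embed these pages; all other framing is denied`, and put the CSP change in its own commit so it can be reviewed and reverted separately.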
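Review bot: The new `[http_service.http_options.response.headers]` table carries no comment explaining why HSTS is set at the proxy rather than in `config.toml`, so a later cleanup could move it back or set it in both places. A comment above the table would cover it, e.g. `# HSTS is set at the Fly proxy because the app server (Bun) did not pass it through; do not re-add it to config.toml`. Since `includeSubdomains; preload` commits every subdomain to HTTPS for a year and is slow to undo once preloaded, confirm after deploy that the header appears exactly once on HTTPS responses. The `cache-control`, `x-content-type-options` and CSP values still rely on the app path that dropped HSTS, so it is worth checking that they reach the client as well.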