diff options
author | Quentin Dufour <quentin@deuxfleurs.fr> | 2022-05-05 08:50:21 +0200 |
---|---|---|
committer | Quentin Dufour <quentin@deuxfleurs.fr> | 2022-05-05 08:50:33 +0200 |
commit | f27636dd14cc06b84f1564f48c148be7394540b3 (patch) | |
tree | 5d6a4ec97f9c549f27fe67bc0eefe9d49e306f0c /app/garage | |
parent | d7164c7d90c1795ddb6d5da50bd6edfea9f6a67f (diff) | |
download | infrastructure-f27636dd14cc06b84f1564f48c148be7394540b3.tar.gz infrastructure-f27636dd14cc06b84f1564f48c148be7394540b3.zip |
Add headers in Garage
Diffstat (limited to 'app/garage')
-rw-r--r-- | app/garage/deploy/garage.hcl | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/app/garage/deploy/garage.hcl b/app/garage/deploy/garage.hcl index 67db8df..4fa12d7 100644 --- a/app/garage/deploy/garage.hcl +++ b/app/garage/deploy/garage.hcl @@ -98,7 +98,10 @@ job "garage" { tags = [ "garage-web", "tricot * 1", - "tricot-add-header Content-Security-Policy default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'" + "tricot-add-header Content-Security-Policy default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://code.jquery.com/; frame-ancestors 'self'", + "tricot-add-header Strict-Transport-Security max-age=63072000; includeSubDomains; preload", + "tricot-add-header X-Frame-Options SAMEORIGIN", + "tricot-add-header X-XSS-Protection 1; mode=block", ] port = 3902 address_mode = "driver" |