-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcustomHttp.yml
39 lines (39 loc) · 1.56 KB
/
customHttp.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
customHeaders:
- pattern: "**/*"
headers:
- key: X-Frame-Options
value: SAMEORIGIN
- key: X-Content-Type-Options
value: nosniff
- key: Strict-Transport-Security
value: max-age=31536000; includeSubDomains
- key: Cache-Control
value: public, max-age=3600, must-revalidate
- key: Content-Security-Policy
value: >-
default-src 'self';
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com;
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;
font-src 'self' data: https://fonts.gstatic.com;
img-src 'self' data: https://cdnjs.cloudflare.com blob:;
connect-src 'self' https://*.amazonaws.com https://*.amplifyapp.com;
frame-ancestors 'self';
form-action 'self';
media-src 'self';
worker-src 'self' blob:;
child-src 'self' blob:;
upgrade-insecure-requests;
- key: Referrer-Policy
value: strict-origin-when-cross-origin
- key: Permissions-Policy
value: camera=(), microphone=(), geolocation=()
- key: Feature-Policy
value: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope
'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb
'none'
- key: Access-Control-Allow-Origin
value: "*"
- key: Access-Control-Allow-Methods
value: "GET, POST, OPTIONS"
- key: Access-Control-Allow-Headers
value: "Origin, X-Requested-With, Content-Type, Accept"