mirror of
https://github.com/humhub/humhub.git
synced 2025-01-17 22:28:51 +01:00
18696fc29c
- Fix: Fixed prod asset jQuery version - Fix: Use session based nonce - Fix: Change nonce after login - Enh: Added `humhub\modules\user\controllers\AuthController::EVENT_AFTER_LOGIN` triggered after login success response is rendered
39 lines
826 B
JSON
{
"headers": {
"Strict-Transport-Security": "max-age=31536000",
"X-XSS-Protection": "1; mode=block",
"X-Content-Type-Options": "nosniff",
"X-Frame-Options": "deny",
"Referrer-Policy": "no-referrer-when-downgrade",
"X-Permitted-Cross-Domain-Policies": "master-only"
},
"csp": {
"nonce": true,
"report-only": false,
"report": false,
"default-src": {
"self": true
},
"img-src": {
"allow":["*"]
},
"font-src": {
"self": true
},
"style-src": {
"self": true,
"unsafe-inline": true
},
"object-src": {},
"frame-src": {
"allow":["*"]
},
"script-src": {
"self": true,
"unsafe-inline": true,
"unsafe-eval": false,
"report-sample": true
},
"upgrade-insecure-requests": true
}
}