summaryrefslogtreecommitdiffstats
path: root/roles/pagure/frontend/templates/securityheaders.conf
blob: 0ed22cfaa9f3f20332231a1238d262cb9e5115a7 (plain)
1
2
3
4
5
6
7
Header always set X-Frame-Options "ALLOW-FROM https://pagure.io/"
Header always set X-Xss-Protection "1; mode=block"
Header always set X-Content-Type-Options "nosniff"
Header always set Referrer-Policy "same-origin"
{% if env != 'pagure-staging' %}
Header always set Content-Security-Policy "default-src 'self' https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://apps.fedoraproject.org; style-src 'self' 'unsafe-inline' https://apps.fedoraproject.org"
{% endif %}