Browse Source

CSP for vimeo

master
David Larlet 11 months ago
parent
commit
28603b6ff4
Signed by: David Larlet <david@larlet.fr> GPG Key ID: 3E2953A359E7E7BD
1 changed files with 1 additions and 1 deletions
  1. 1
    1
      theme/root/.htaccess

+ 1
- 1
theme/root/.htaccess View File

@@ -40,7 +40,7 @@ ExpiresByType application/x-font-woff2 "access plus 1 year"

Header always set Strict-Transport-Security "max-age=31536000; preload"
Header always set X-Frame-Options SAMEORIGIN
Header always set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; media-src *"
Header always set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; media-src *; frame-src 'self' https://player.vimeo.com; script-src 'self' 'unsafe-inline' https://player.vimeo.com"
Header always set X-Content-Type-Options nosniff
Header always set X-XSS-Protection "1; mode=block"
Header always set Referrer-Policy "origin"

Loading…
Cancel
Save