Security Header Fixes

Signed-off-by: Tommy <contact@tommytran.io>
2024-12-22 04:41:33 -05:00 · 2022-07-17 22:05:24 -04:00 · 2022-07-17 22:05:24 -04:00 · 44121962e8
commit 44121962e8
parent a3db8dbb94
1 changed files with 41 additions and 36 deletions
--- a/firebase.json
+++ b/firebase.json
@ -3,42 +3,47 @@
    "public": "public",
    "headers": [ 
      {
-        "key": "Content-Security-Policy",
+        "source": "*",
-        "value": "upgrade-insecure-requests; block-all-mixed-content; form-action 'none'; frame-ancestors 'self'"
+        "headers": [
-      },
+          {
-      {
+            "key": "Content-Security-Policy",
-        "key": "X-Content-Type-Options",
+            "value": "upgrade-insecure-requests; block-all-mixed-content; form-action 'none'; frame-ancestors 'self'"
-        "value": "nosniff"
+          },
-      },    
+          {
-      {
+            "key": "X-Content-Type-Options",
-        "key": "Referrer-Policy",
+            "value": "nosniff"
-        "value": "no-referrer"
+          },    
-      },   
+          {
-      {
+            "key": "Referrer-Policy",
-        "key": "Cross-Origin-Opener-Policy",
+            "value": "no-referrer"
-        "value": "same-origin"
+          },   
-      },   
+          {
-      {
+            "key": "Cross-Origin-Opener-Policy",
-        "key": "Cross-Origin-Embedder-Policy",
+            "value": "same-origin"
-        "value": "require-corp"
+          },   
-      },   
+          {
-      {
+            "key": "Cross-Origin-Embedder-Policy",
-        "key": "X-Frame-Options",
+            "value": "require-corp"
-        "value": "DENY"
+          },   
-      },  
+          {
-      {
+            "key": "X-Frame-Options",
-        "key": "X-XSS-Protection",
+            "value": "DENY"
-        "value": "0"
+          },  
-      },  
+          {
-      {
+            "key": "X-XSS-Protection",
-        "key": "Permissions-Policy",
+            "value": "0"
-        "value": "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()"
+          },  
-      },  
+          {
-      {
+            "key": "Permissions-Policy",
-        "key": "Cross-Origin-Resource-Policy",
+            "value": "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()"
-        "value": "same-origin"
+          },  
-      }
+          {
-    ],
+            "key": "Cross-Origin-Resource-Policy",
            "value": "same-origin"
          }
        ]
      }    
     ],
    "ignore": [
      "firebase.json",
      "**/.*",