diff --git a/netlify.toml b/netlify.toml index bff6125..d4f89d9 100644 --- a/netlify.toml +++ b/netlify.toml @@ -1,13 +1,13 @@ [[headers]] for = "/*" [headers.values] - Strict-Transport-Security = max-age=63072000; includeSubDomains; preload - Content-Security-Policy = child-src 'self'; connect-src 'self'; font-src 'self'; manifest-src 'self'; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none' - X-Content-Type-Options = nosniff - Referrer-Policy = no-referrer - Cross-Origin-Opener-Policy = same-origin - Cross-Origin-Embedder-Policy = require-corp - X-Frame-Options = DENY - X-XSS-Protection = 0 - Permissions-Policy = accelerometer=(), autoplay=(), camera=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), xr-spatial-tracking=() - Cross-Origin-Resource-Policy = same-origin \ No newline at end of file + Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload" + Content-Security-Policy = "child-src 'self'; connect-src 'self'; font-src 'self'; manifest-src 'self'; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'" + X-Content-Type-Options = "nosniff" + Referrer-Policy = "no-referrer" + Cross-Origin-Opener-Policy = "same-origin" + Cross-Origin-Embedder-Policy = "require-corp" + X-Frame-Options = "DENY" + X-XSS-Protection = "0" + Permissions-Policy = "accelerometer=(), autoplay=(), camera=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), xr-spatial-tracking=()" + Cross-Origin-Resource-Policy = "same-origin" \ No newline at end of file