mirror of
https://github.com/tommytran732/Vaultwarden-Docker-Compose
synced 2024-11-24 06:31:34 -05:00
Compare commits
No commits in common. "6e0ed8522a5fd70b6b2f799b6eba52705d4bfe1e" and "e76b589397254ac2105ae5bc59f82d5bba615f05" have entirely different histories.
6e0ed8522a
...
e76b589397
@ -30,8 +30,8 @@
|
|||||||
# log, so that fail2ban can ban the correct IP.
|
# log, so that fail2ban can ban the correct IP.
|
||||||
header_up X-Real-IP {remote_host}
|
header_up X-Real-IP {remote_host}
|
||||||
header_down Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
|
header_down Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
|
||||||
header_down +Permissions-Policy "hid=(), idle-detection=(), interest-cohort=(), serial=()"
|
header_down Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), serial=(), usb=(), sync-xhr=(), xr-spatial-tracking=()"
|
||||||
header_down +Content-Security-Policy "upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'"
|
header_down Content-Security-Policy "default-src 'self'; object-src 'self' blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; child-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh moz-extension://*; img-src 'self' data: https://haveibeenpwned.com/ https://www.gravatar.com; connect-src 'self' https://api.pwnedpasswords.com/range/ https://2fa.directory/api/ https://app.simplelogin.io/api/ https://app.anonaddy.com/api/ https://api.fastmail.com/; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'"
|
||||||
header_down X-XSS-Protection "0"
|
header_down X-XSS-Protection "0"
|
||||||
header_down Cross-Origin-Opener-Policy same-origin
|
header_down Cross-Origin-Opener-Policy same-origin
|
||||||
header_down Cross-Origin-Resource-Policy : same-origin
|
header_down Cross-Origin-Resource-Policy : same-origin
|
||||||
|
Loading…
Reference in New Issue
Block a user