yujunjun/strapi
1
0
Fork 0
mirror of https://github.com/strapi/strapi.git synced 2025-11-02 02:44:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #11362 from strapi/v4/security-config

Browse Source 
[V4] Stricter CSP security config
This commit is contained in:
Alexandre BODIN 2021-10-27 14:25:33 +02:00 committed by GitHub
commit ab8f0ba2f5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
packages/core/strapi/lib/middlewares/security.js
View File

@ -8,7 +8,12 @@ const defaults = {
crossOriginOpenerPolicy: false,
crossOriginResourcePolicy: false,
originAgentCluster: false,
contentSecurityPolicy: false,
contentSecurityPolicy: {
useDefaults: true,
directives: {
'connect-src': ["'self'", 'https:'],
},
},
xssFilter: false,
hsts: {
maxAge: 31536000,