feat: update headers of static web

Philip Hsu
2023-12-12 12:02:34 +08:00
parent a9dd1003ed
commit a27c54deb3


@@ -29,27 +29,25 @@ import { IssuanceModule } from '../issuance/issuance.module';
rootPath: clientPath,
serveStaticOptions: {
setHeaders(res) {
const cspHeader = (
"default-src 'self'; " +
"img-src 'self'; " +
"child-src 'none'; " +
"script-src 'self' 'wasm-unsafe-eval'; " +
"connect-src 'self' https://tw-did.github.io https://mainnet.infura.io; " +
"style-src 'self' https://fonts.googleapis.com; " +
"font-src 'self' https://fonts.gstatic.com; " +
"object-src 'self'; " +
"base-uri 'self'; " +
"form-action 'self'; " +
"frame-ancestors 'self'; " +
"frame-src 'self'; " +
"block-all-mixed-content; " +
"upgrade-insecure-requests;"
).replace(/\s{2,}/g, " ").trim()
const cspHeader = `
default-src 'self';
img-src 'self';
child-src 'none';
script-src 'self' 'wasm-unsafe-eval';
connect-src 'self' https://tw-did.github.io https://mainnet.infura.io;
style-src 'self' https://fonts.googleapis.com;
font-src 'self' https://fonts.gstatic.com;
object-src 'self';
base-uri 'self';
form-action 'self';
frame-ancestors 'self';
frame-src 'self';
upgrade-insecure-requests;
`.replace(/\s{2,}/g, " ").trim()
res.setHeader('Content-Security-Policy', cspHeader)
res.setHeader('X-Frame-Options', 'DENY')
res.setHeader('X-Content-Type-Options', 'nosniff')
res.setHeader('Referrer-Policy', 'origin-when-cross-origin')
res.removeHeader('access-control-allow-origin')
},
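Review bot: The whitespace collapse `.replace(/\s{2,}/g, " ")` on the new template literal only works while every directive line stays indented; a line break followed by no indentation is a single whitespace character, so it survives into the value, and Node's `res.setHeader` rejects header values that contain a newline. Using `.replace(/\s+/g, ' ')` removes that dependency on source formatting. Separately, the policy sends `frame-ancestors 'self'` while the next statement sets `X-Frame-Options` to `DENY`; browsers that enforce `frame-ancestors` ignore X-Frame-Options, so the two should state the same intent (for example `frame-ancestors 'none'` if the client is never meant to be framed). Indentation is not visible in this rendering, so the first point is a robustness concern rather than a confirmed failure.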