diff options
| author |  Chris Lovering <[email protected]> | 2024-08-19 01:55:07 +0100 |
|---|---|---|
| committer | Chris Lovering <[email protected]> | 2024-08-19 01:55:07 +0100 |
| commit | 288d0bc8860100a332876ffda8aeb8b51eba91c8 (patch) | |
| tree | 59eb2d8753b434a68a223042ef0243d00c3dc53c /thallium-backend | |
| parent | Add an example endpoint for making requests to printful (diff) | |
Add more security headers
Diffstat (limited to 'thallium-backend')
| -rw-r--r-- | thallium-backend/src/app.py | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/thallium-backend/src/app.py b/thallium-backend/src/app.py index 3e5847c..bd6d080 100644 --- a/thallium-backend/src/app.py +++ b/thallium-backend/src/app.py @@ -41,4 +41,9 @@ async def add_process_time_and_security_headers( response.headers["X-XSS-Protection"] = "1; mode=block" response.headers["Strict-Transport-Security"] = "max-age=31536000" response.headers["X-Content-Type-Options"] = "nosniff" + response.headers["Content-Security-Policy"] = "default-src 'self'" + response.headers["Referrer-Policy"] = "no-referrer" + response.headers["Permissions-Policy"] = ( + "camera=(), display-capture(), fullscreen(), geolocation=(), microphone(), screen-wake-lock(), web-share()" + ) return response |