From 288d0bc8860100a332876ffda8aeb8b51eba91c8 Mon Sep 17 00:00:00 2001
From: Chris Lovering
Date: Mon, 19 Aug 2024 01:55:07 +0100
Subject: Add more security headers

---
 thallium-backend/src/app.py | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'thallium-backend/src')

diff --git a/thallium-backend/src/app.py b/thallium-backend/src/app.py
index 3e5847c..bd6d080 100644
--- a/thallium-backend/src/app.py
+++ b/thallium-backend/src/app.py
@@ -41,4 +41,9 @@ async def add_process_time_and_security_headers(
     response.headers["X-XSS-Protection"] = "1; mode=block"
     response.headers["Strict-Transport-Security"] = "max-age=31536000"
     response.headers["X-Content-Type-Options"] = "nosniff"
+    response.headers["Content-Security-Policy"] = "default-src 'self'"
+    response.headers["Referrer-Policy"] = "no-referrer"
+    response.headers["Permissions-Policy"] = (
+        "camera=(), display-capture(), fullscreen(), geolocation=(), microphone(), screen-wake-lock(), web-share()"
+    )
     return response
--
cgit v1.2.3
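Review bot: The Permissions-Policy value on the last added lines is malformed: only `camera=()` and `geolocation=()` carry the `=()` empty allowlist, while `display-capture()`, `fullscreen()`, `microphone()`, `screen-wake-lock()` and `web-share()` omit the `=`, which is not valid Structured-Field dictionary syntax, so a browser is likely to discard the whole header and none of the intended restrictions take effect. Change the string to `"camera=(), display-capture=(), fullscreen=(), geolocation=(), microphone=(), screen-wake-lock=(), web-share=()"`. Separately, `default-src 'self'` is a strict CSP with no `script-src`/`style-src` relaxations; if this service renders any HTML that loads assets from another origin (an API docs page, for instance) those loads will be blocked, so it is worth confirming in a browser before rollout. The enclosing function add_process_time_and_security_headers begins before this hunk.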