nspcc-dev / send-fs-neo-org

Send.NeoFS is a simple example of integration with NeoFS network via HTTP protocol
http://send.fs.neo.org/
GNU General Public License v3.0

Add Content-Security-Policy header #42

Closed mike-petrov closed 1 year ago

mike-petrov commented 1 year ago

closes #11

Signed-off-by: Mikhail Petrov mike@nspcc.ru

mike-petrov commented 1 year ago

There is a special extension for generating CSP: https://csper.io/generator

Output after analysing: default-src 'self'; script-src 'report-sample' 'self'; style-src 'report-sample' 'self' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; report-uri https://646f69e16de1519cde13c222.endpoint.csper.io/?v=0; worker-src 'none';

But I made the policy even stricter.
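A small policy checker for a header like the generator output above, as an added example that is not part of the PR or the send-fs-neo-org project. The directive checklist and the weak-source list are my own assumptions about what a reviewer would look for, not anything the PR specifies.

```python
# Parse a Content-Security-Policy header and flag the settings a reviewer would question.

# The policy quoted in the PR comment above (csper.io generator output), embedded as sample input.
CSP = ("default-src 'self'; script-src 'report-sample' 'self'; "
       "style-src 'report-sample' 'self' https://fonts.googleapis.com; object-src 'none'; "
       "base-uri 'self'; connect-src 'self'; font-src 'self' https://fonts.gstatic.com; "
       "frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; "
       "report-uri https://646f69e16de1519cde13c222.endpoint.csper.io/?v=0; worker-src 'none';")

# Source expressions that widen a policy enough to defeat its purpose (assumed list).
WEAK_SOURCES = {"'unsafe-inline'", "'unsafe-eval'", "*", "data:", "http:", "https:"}


def parse_csp(header):
    """Split a CSP header into {directive: [source expressions]}.
    Browsers ignore a repeated directive, so the first occurrence wins here too."""
    policy = {}
    for directive in header.split(";"):
        tokens = directive.split()
        if not tokens:
            continue
        name, sources = tokens[0].lower(), tokens[1:]
        policy.setdefault(name, sources)
    return policy


def review_csp(header):
    """Return a list of human-readable findings; an empty list means nothing was flagged."""
    policy = parse_csp(header)
    findings = []
    # Plugins and <base> hijacking: these directives should be locked down explicitly.
    for name, wanted in (("object-src", "'none'"), ("base-uri", "'self'")):
        if wanted not in policy.get(name, []):
            findings.append(f"{name} should include {wanted}")
    # These two do not fall back to default-src, so leaving them out leaves them open.
    for name in ("form-action", "frame-ancestors"):
        if name not in policy:
            findings.append(f"{name} is not set (does not inherit from default-src)")
    for name, sources in policy.items():
        for src in sources:
            if src in WEAK_SOURCES or (src.startswith("https://") and "*" in src):
                findings.append(f"{name} allows {src}")
    if "report-uri" not in policy and "report-to" not in policy:
        findings.append("no reporting endpoint configured")
    return findings


if __name__ == "__main__":
    for finding in review_csp(CSP):
        print(finding)
```

Run against the quoted policy it only reports the two directives that do not inherit from default-src, which is one concrete way to make a generated policy stricter.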