more http/moz observatory findings

Motiejus Jakštys 2024-08-24 17:14:21 +03:00
parent 9bb81cb1c9
commit cf47cbda1d


@ -59,6 +59,7 @@
SHOW_MILESTONES_DASHBOARD_PAGE = false; SHOW_MILESTONES_DASHBOARD_PAGE = false;
COOKIE_SECURE = true; COOKIE_SECURE = true;
}; };
session.COOKIE_SECURE = true;
log.LEVEL = "Error"; log.LEVEL = "Error";
mailer = { mailer = {
ENABLED = true; ENABLED = true;
@ -89,7 +90,7 @@
Strict-Transport-Security "max-age=15768000" Strict-Transport-Security "max-age=15768000"
# https://github.com/go-gitea/gitea/issues/305#issuecomment-1049290764 # https://github.com/go-gitea/gitea/issues/305#issuecomment-1049290764
Content-Security-Policy "default-src 'none'; connect-src 'self'; font-src 'self' data:; form-action 'self'; img-src 'self' https://ga-beacon.appspot.com https://raw.githubusercontent.com https://secure.gravatar.com https://sourcethemes.com; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; worker-src 'self';" Content-Security-Policy "frame-ancestors 'none'; default-src 'none'; connect-src 'self'; font-src 'self' data:; form-action 'self'; img-src 'self' https://ga-beacon.appspot.com https://raw.githubusercontent.com https://secure.gravatar.com https://sourcethemes.com; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; worker-src 'self';"
X-Content-Type-Options "nosniff" X-Content-Type-Options "nosniff"
X-Frame-Options "DENY" X-Frame-Options "DENY"
} }
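Review bot: The Content-Security-Policy value in the second hunk gains `frame-ancestors 'none'` but still has no `base-uri` directive, and `base-uri` does not fall back to `default-src 'none'`. An injected `<base>` element could therefore still repoint relative links on a page whose `script-src` keeps `'unsafe-inline'` and `'unsafe-eval'`. I would add `base-uri 'self';` right after `frame-ancestors 'none';`, assuming no served page depends on a `<base>` that points off-origin. A one-line comment above the policy, such as `# frame-ancestors supersedes X-Frame-Options; the latter is kept for older browsers`, would also explain why both are set. The enclosing header block opens outside this hunk, so I cannot see which routes it covers.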