[arch-devops] [RFC] Better security through Content Security Policy and other headers.
bluewind at xinu.at
Sat Aug 4 08:00:17 UTC 2018
On Sat, Aug 04, 2018 at 12:34:10AM +0200, Jelle van der Waa <jelle at vdwaa.nl> wrote:
> add_header Content-Security-Policy "default-src 'self'; style-src 'self'; font-src 'self'; form-action 'self';"
subdomain and only allow that subdomain.
Apart from that I like the idea(s)!
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: not available
More information about the arch-devops