[gimp-web/oscp] Make CSP more strict and add Referrer-Policy header
- From: Michael Schumacher <schumaml src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gimp-web/oscp] Make CSP more strict and add Referrer-Policy header
- Date: Fri, 27 Mar 2020 09:11:59 +0000 (UTC)
commit 52638ae6f983e3380dc8eccf96c9bca3e3c69612
Author: Michael Schumacher <schumaml gmx de>
Date: Fri Mar 27 10:11:49 2020 +0100
Make CSP more strict and add Referrer-Policy header
.../app_data/httpd-cfg/download.gimp.org.conf | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
---
diff --git a/download.gimp.org/app_data/httpd-cfg/download.gimp.org.conf
b/download.gimp.org/app_data/httpd-cfg/download.gimp.org.conf
index 6b707d60..91570fef 100644
--- a/download.gimp.org/app_data/httpd-cfg/download.gimp.org.conf
+++ b/download.gimp.org/app_data/httpd-cfg/download.gimp.org.conf
@@ -29,7 +29,25 @@
# Disable unsafe inline/eval, only load resources from same origin
# Also disables the execution of plugins
- Header always set Content-Security-Policy "default-src 'self'; object-src 'none'"
+ Header always set \
+ Content-Security-Policy " \
+ default-src 'none'; \
+ img-src 'self'; \
+ style-src 'self'; \
+ script-src 'self' \
+ font-src 'self'; \
+ child-src 'self' \
+ object-src 'none'; \
+ media-src 'self' \
+ base-uri 'self'; \
+ form-action 'self'; \
+ frame-ancestors 'self'; \
+ "
+
+ # send full referrer on same origin, URL sans path on foreign origin
+ Header always set \
+ Referrer-Policy: "same-origin, strict-origin-when-cross-origin"
+
##
# Rewrite rules
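Review bot: three directives in the new Content-Security-Policy value lack their terminating semicolon: `script-src 'self' \`, `child-src 'self' \` and `media-src 'self' \`. CSP directives are separated by `;`, so as written `font-src 'self'`, `object-src 'none'` and `base-uri 'self'` are parsed as additional source expressions of the preceding directive rather than as directives of their own. The practical effect is that `font-src` is never set, so fonts fall back to `default-src 'none'` and are blocked, and `base-uri`, which does not fall back to `default-src`, is left unrestricted. Append `;` after each of the three `'self'` tokens. Two smaller points: the header name in `Referrer-Policy: "..."` carries a trailing colon, which is not part of the `Header` directive's documented syntax (mod_headers may tolerate it, but it should read `Referrer-Policy`, matching the `Content-Security-Policy` line above); and with a comma-separated Referrer-Policy list browsers apply the last token they recognize, so the effective policy is `strict-origin-when-cross-origin`, which does agree with the comment. `child-src` is also deprecated in CSP Level 3 in favour of `frame-src` and `worker-src`, though browsers still honour it.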