refactor: unify HTTP header settings into _headers

This commit is contained in:
curben 2019-05-26 15:09:27 +09:30
parent ab67e05c73
commit 00fbcce468
3 changed files with 4 additions and 13 deletions

View File

@ -1,14 +1,3 @@
[context.production] [context.production]
publish = "public" publish = "public"
command = "npm run snyk && npm run hexo" command = "npm run snyk && npm run hexo"
[[headers]]
for = "/*"
[headers.value]
X-Frame-Options = "DENY"
X-XSS-Protection = "1; mode=block"
X-Content-Type-Options = "nosniff"
Content-Security-Policy = "default-src 'self'; child-src 'none'; connect-src 'none'; font-src 'none'; frame-src 'none'; img-src https: 'self'; manifest-src 'none'; media-src 'none'; object-src 'none'; prefetch-src 'none'; script-src https://cdnjs.cloudflare.com 'self'; style-src https://cdnjs.cloudflare.com 'self'; worker-src 'none'; base-uri 'none'; form-action 'none'; block-all-mixed-content; frame-ancestors 'none';"
Referrer-Policy = "no-referrer"
Strict-Transport-Security = "max-age=31536000"
Feature-Policy = "accelerometer 'none'; autoplay 'none'; camera 'none'; document.domain 'none'; display-capture 'none'; encrypted-media 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; sync-xhr 'none'; usb 'none'"

View File

@ -2,3 +2,7 @@
X-Frame-Options: DENY X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; child-src 'none'; connect-src 'none'; font-src 'none'; frame-src 'none'; img-src https: 'self'; manifest-src 'none'; media-src 'none'; object-src 'none'; prefetch-src 'none'; script-src https://cdnjs.cloudflare.com 'self'; style-src https://cdnjs.cloudflare.com 'self'; worker-src 'none'; base-uri 'none'; form-action 'none'; block-all-mixed-content; frame-ancestors 'none'
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=31536000
Feature-Policy: accelerometer 'none'; autoplay 'none'; camera 'none'; document.domain 'none'; display-capture 'none'; encrypted-media 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; sync-xhr 'none'; usb 'none'

View File

@ -2,8 +2,6 @@
<html lang="<%= theme.language %>"> <html lang="<%= theme.language %>">
<head> <head>
<meta charset="utf-8"> <meta charset="utf-8">
<%/* CSP */%>
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; child-src 'none'; connect-src 'none'; font-src 'none'; frame-src 'none'; img-src https: 'self'; manifest-src 'none'; media-src 'none'; object-src 'none'; prefetch-src 'none'; script-src https://cdnjs.cloudflare.com 'self'; style-src https://cdnjs.cloudflare.com 'self'; worker-src 'none'; base-uri 'none'; form-action 'none'; block-all-mixed-content;">
<% <%
let title = page.title let title = page.title