CSP
https://github.com/angular/angular/issues/37631 | |
https://dev-academy.com/content-security-policy-in-angular/ | |
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src | |
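<!-- IIS custom response headers for the Angular app; this fragment belongs under <system.webServer>. -->
<httpProtocol>
  <customHeaders>
    <!-- Value 0 switches off the legacy browser XSS auditor; the Content-Security-Policy below is the intended control. -->
    <add name="X-XSS-Protection" value="0" />
    <!-- Stops browsers from MIME-sniffing a response away from its declared Content-Type. -->
    <add name="X-Content-Type-Options" value="nosniff" />
    <!--
      Content-Security-Policy, one directive per line (line breaks inside the value become spaces).
      NOTE(review): script-src lists 'unsafe-inline' with no nonce or hash, so inline <script>
      blocks and inline event handlers are allowed and the policy gives little protection against
      injected script. 'unsafe-hashes' only has an effect together with hash sources; none are
      listed, so it adds nothing here. Prefer moving inline script into same-origin files (or using
      hashes/nonces) and then dropping 'unsafe-inline' from script-src.
      NOTE(review): connect-src pins private IP addresses and ports; these are environment-specific
      and have to be changed per deployment.
      NOTE(review): base-uri, form-action and frame-ancestors do not fall back to default-src;
      consider setting them explicitly.
    -->
    <add name="Content-Security-Policy"
         value="default-src 'self';
                style-src 'self' 'unsafe-inline';
                script-src 'self' 'unsafe-hashes' 'unsafe-inline';
                connect-src wss://192.168.1.19:8051 https://192.168.1.19:8051 https://auth0federationexercise.auth0.com https://lh3.googleusercontent.com;
                frame-src https://auth0federationexercise.auth0.com;
                img-src 'self' https://lh3.googleusercontent.com" />
    <!-- Disabled. The valid token is strict-origin-when-cross-origin; "string-origin-..." is not a Referrer-Policy value and browsers would ignore it. -->
    <!-- <add name="Referrer-Policy" value="strict-origin-when-cross-origin" /> -->
  </customHeaders>
</httpProtocol>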
------------ | |
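<!-- IIS custom response headers, stricter variant: no script-src override, so scripts fall back to default-src 'self'. -->
<httpProtocol>
  <customHeaders>
    <!-- Value 0 switches off the legacy browser XSS auditor; the Content-Security-Policy below is the intended control. -->
    <add name="X-XSS-Protection" value="0" />
    <!-- Stops browsers from MIME-sniffing a response away from its declared Content-Type. -->
    <add name="X-Content-Type-Options" value="nosniff" />
    <!--
      Content-Security-Policy, one directive per line (line breaks inside the value become spaces).
      style-src still allows inline styles via 'unsafe-inline'.
      img-src allows same-origin images and data: URLs. The scheme is written as the
      scheme-source "data:"; a host pattern such as data://* does not match data: URLs
      (they have no host), so inline images would be blocked. NOTE(review): confirm in the
      browsers you target.
      NOTE(review): base-uri, form-action and frame-ancestors do not fall back to default-src;
      consider setting them explicitly.
    -->
    <add name="Content-Security-Policy"
         value="default-src 'self';
                style-src 'self' 'unsafe-inline';
                img-src 'self' data:" />
    <!-- Cross-origin requests receive only the origin as referrer; same-origin requests receive the full URL. -->
    <add name="Referrer-Policy" value="strict-origin-when-cross-origin" />
  </customHeaders>
</httpProtocol>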
--------- | |
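<?xml version="1.0" encoding="utf-8"?>
<!-- IIS web.config for an Angular single-page app: client-side route fallback plus security response headers. -->
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!--
          Any request whose path is neither an existing file nor an existing directory is rewritten
          to index.html so the Angular router can resolve it. stopProcessing="true" ends rule
          evaluation once this rule matches.
        -->
        <rule name="Angular Routes" stopProcessing="true">
          <match url=".*" />
          <conditions logicalGrouping="MatchAll">
            <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
            <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
          </conditions>
          <action type="Rewrite" url="./index.html" />
        </rule>
      </rules>
    </rewrite>
    <httpProtocol>
      <customHeaders>
        <!-- Value 0 switches off the legacy browser XSS auditor; the Content-Security-Policy below is the intended control. -->
        <add name="X-XSS-Protection" value="0" />
        <!-- Stops browsers from MIME-sniffing a response away from its declared Content-Type. -->
        <add name="X-Content-Type-Options" value="nosniff" />
        <!--
          Content-Security-Policy, one directive per line (line breaks inside the value become spaces).
          script-src-elem 'self' limits <script> elements to same-origin files. Inline event handlers
          have no script-src-attr directive of their own here, so they fall back to
          script-src 'unsafe-inline' and stay allowed.
          NOTE(review): a browser that does not implement script-src-elem / style-src-elem applies
          script-src and style-src alone. Those list only 'unsafe-inline' (no 'self'), which both
          permits inline script and blocks same-origin files there. Verify in every target browser,
          or add 'self' to script-src and work toward removing 'unsafe-inline'.
          NOTE(review): connect-src pins private IP addresses and ports; these are
          environment-specific and have to be changed per deployment.
          NOTE(review): base-uri, form-action and frame-ancestors do not fall back to default-src;
          consider setting them explicitly.
        -->
        <add name="Content-Security-Policy"
             value="default-src 'self';
                    style-src 'unsafe-inline';
                    style-src-elem 'self' 'unsafe-inline';
                    script-src 'unsafe-inline';
                    script-src-elem 'self';
                    connect-src https://192.168.254.157:8061 wss://192.168.254.157:8061 https://192.168.254.157:8060 https://auth0federationexercise.auth0.com https://lh3.googleusercontent.com;
                    frame-src https://auth0federationexercise.auth0.com;
                    img-src 'self' https://lh3.googleusercontent.com" />
        <!-- Cross-origin requests receive only the origin as referrer; same-origin requests receive the full URL. -->
        <add name="Referrer-Policy" value="strict-origin-when-cross-origin" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>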