Subversion Repositories configs


Rev 164 Rev 165
Line 293... Line 293...
293
# Prevent browsers from incorrectly detecting non-scripts as scripts
293
# Prevent browsers from incorrectly detecting non-scripts as scripts
294
Header always set X-Content-Type-Options nosniff
294
Header always set X-Content-Type-Options nosniff
295
# Cors
295
# Cors
296
Header always set Access-Control-Allow-Origin "*"
296
Header always set Access-Control-Allow-Origin "*"
297
# Disable unsafe inline/eval, only allow loading of resources (images, fonts, scripts, etc.) over https
297
# Disable unsafe inline/eval, only allow loading of resources (images, fonts, scripts, etc.) over https
298
Header always set Content-Security-Policy "default-src 'none'; connect-src 'self'; font-src data: https://fonts.gstatic.com https://use.fontawesome.com; form-action 'self'; frame-src https://www.google.com; img-src 'self' data: http://abs.twimg.com https://abs.twimg.com https://i5.walmartimages.com https://images.samash.com https://img.discogs.com https://lh4.googleusercontent.com https://thumbs1.ebaystatic.com https://thumbs2.ebaystatic.com https://thumbs3.ebaystatic.com https://thumbs4.ebaystatic.com https://www.fye.com https://www.musicnotes.com https://www.secondspin.com https://platform-lookaside.fbsbx.com https://ad.linksynergy.com https://www.lduhtrp.net https://i5.wal.co https://cj.dotomi.com https://www.awltovhc.com https://www.ftjcfx.com https://www.tqlkg.com https://www.emjcd.com https://www.yceml.net https://beacon.affil.walmart.com https://assets.sheetmusicplus.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com/ajax/libs/jquery/3.4.0/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/css/ https://use.fontawesome.com/releases/v5.8.1/css/;frame-ancestors 'self'"
298
Header always set Content-Security-Policy "default-src 'none'; connect-src 'self'; font-src data: https://fonts.gstatic.com https://use.fontawesome.com; form-action 'self'; frame-src https://www.google.com; img-src 'self' data: http://abs.twimg.com https://abs.twimg.com https://i5.walmartimages.com https://images.samash.com https://img.discogs.com https://lh4.googleusercontent.com https://thumbs1.ebaystatic.com https://thumbs2.ebaystatic.com https://thumbs3.ebaystatic.com https://thumbs4.ebaystatic.com https://www.fye.com https://www.musicnotes.com https://www.secondspin.com https://platform-lookaside.fbsbx.com https://ad.linksynergy.com https://www.lduhtrp.net https://i5.wal.co https://cj.dotomi.com https://www.awltovhc.com https://www.ftjcfx.com https://www.tqlkg.com https://www.emjcd.com https://www.yceml.net https://beacon.affil.walmart.com https://assets.sheetmusicplus.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com/ajax/libs/jquery/3.4.0/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ssl.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/css/ https://use.fontawesome.com/releases/v5.8.1/css/;frame-ancestors 'self'"
299
# Disable referrers for browsers that don't support strict-origin-when-cross-origin; Uses strict-origin-when-cross-origin for browsers that do
299
# Disable referrers for browsers that don't support strict-origin-when-cross-origin; Uses strict-origin-when-cross-origin for browsers that do
300
Header always set Referrer-Policy "no-referrer"
300
Header always set Referrer-Policy "no-referrer"
301
# Only allow my site to frame itself
301
# Only allow my site to frame itself
302
#add above# Header always add Content-Security-Policy "frame-ancestors 'self'"
302
#add above# Header always add Content-Security-Policy "frame-ancestors 'self'"
303
Header always set X-Frame-Options SAMEORIGIN
303
Header always set X-Frame-Options SAMEORIGIN
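Review bot: On line 298, the copy of the policy that carries `https://ssl.gstatic.com` in `script-src` (presumably the Rev 165 side; the page does not mark which copy is new) allows that whole origin, whereas the neighbouring jQuery, Popper and Bootstrap entries are pinned to exact file paths. The same directive still lists `'unsafe-inline'` and `'unsafe-eval'`, so the host allowlist gives little protection against injected script, and the comment on 297 ("Disable unsafe inline/eval") does not match the header it describes. I would narrow the new entry to the path the page actually loads, e.g. `https://ssl.gstatic.com/<path-used-by-the-page>/`, and reword the 297 comment to `# CSP: default deny; script-src still permits 'unsafe-inline'/'unsafe-eval' (TODO: move to nonces or hashes)`. `img-src` also lists `http://abs.twimg.com`, which contradicts the "only ... over https" wording in that same comment.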