Add Security Headers (#1200)

2020-04-04 02:36:12 +03:00 · 2020-04-04 02:36:12 +03:00 · 00c5823a5e
commit 00c5823a5e
parent 31f76d59a2
2 changed files with 29 additions and 1 deletions
--- a/now.json
+++ b/now.json
@ -1,4 +1,31 @@
 {
+  "headers": [
+    {
+      "source": "/(.*)",
+      "headers": [
+        {
+          "key": "Access-Control-Allow-Origin",
+          "value": "*"
+        },
+        {
+          "key": "X-Content-Type-Options",
+          "value": "nosniff"
+        },
+        {
+          "key": "Feature-Policy",
+          "value": "*"
+        },
+        {
+          "key": "Referrer-Policy",
+          "value": "origin"
+        },
+        {
+          "key": "Content-Security-Policy",
+          "value": "default-src https: data: 'unsafe-inline'; connect-src https://*.excalidraw.com wss://excalidraw-socket.herokuapp.com https://excalidraw-socket.herokuapp.com"
+        }
+      ]
+    }
+  ],
  "redirects": [
    {
      "source": "/([^.]+)",
--- a/public/index.html
+++ b/public/index.html
@ -7,10 +7,11 @@
      name="viewport"
      content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no, viewport-fit=cover, shrink-to-fit=no"
    />
+    <meta name="referrer" content="origin" />
    <meta name="apple-mobile-web-app-capable" content="yes" />

    <meta name="theme-color" content="#000000" />
-    <!-- prettier-ignore -->
+
    <meta
      http-equiv="origin-trial"
      content="AsyySICOnLFPHhAi+SdB6g3Cr28MuSeq3a+2k3UOUKu+ikmEjAqYHAK3HSLx4keUd1BLYUPWPYAe6F9hyuO3JwUAAABceyJvcmlnaW4iOiJodHRwczovL3d3dy5leGNhbGlkcmF3LmNvbTo0NDMiLCJmZWF0dXJlIjoiTmF0aXZlRmlsZVN5c3RlbSIsImV4cGlyeSI6MTU4OTE4MzIxMH0="