BLST#68301 csp-header aangescherpt

svn path=/Database/trunk/; revision=53130
2021-09-23 11:54:35 +00:00
parent a71ce940f8
commit a4b596ad21


@@ -174,7 +174,7 @@ DEFINE_SETTING('FAC', 0001, 'WEB_FACTAB', 'allowedLinkRegex'
DEFINE_SETTING('FAC', 0001, 'WEB_FACTAB', 'auto_https' , 'number' , '3' , '0=not https, 1=http redirects to https, (3=also all cookies ;Secure)')
DEFINE_SETTING('FAC', 0001, 'WEB_FACTAB', 'fac_html_strictness' , 'number' , '0' , '0=allow html in message, res-room description, flex-labels, 1=do not allow (strict, more secure)')
DEFINE_SETTING('FAC', 0001, 'WEB_FACTAB', 'cal_showOn' , 'string' , 'button' , '''button'' or ''focus'' or ''both''')
DEFINE_SETTING('FAC', 0001, 'WEB_FACTAB', 'csp_header' , 'string' , 'default-src *; style-src * ''unsafe-inline''; script-src * ''unsafe-inline'' ''unsafe-eval''; img-src * data: ''unsafe-inline''; connect-src * ''unsafe-inline''; frame-src * mailto: tel: phone: callto:; font-src * data: ''unsafe-inline'';', 'Content-Security-Policy header')
DEFINE_SETTING('FAC', 0001, 'WEB_FACTAB', 'csp_header' , 'string' , 'default-src ''self''; script-src ''self'' ''unsafe-eval'' ''unsafe-inline''; script-src-elem ''self'' ''unsafe-inline''; style-src ''self'' ''unsafe-inline''; frame-src ''self'' mailto: tel: callto:; img-src ''self'' data:; upgrade-insecure-requests; report-uri ../Shared/csp_report.asp;', 'Content-Security-Policy header')
DEFINE_SETTING('FAC', 0001, 'WEB_FACTAB', 'referrer_policy_header' , 'string' , 'strict-origin-when-cross-origin', 'Referrer-Policy header (future use)')
DEFINE_SETTING('FAC', 0001, 'WEB_FACTAB', 'cssenvcust' , 'string' , '' , 'Custom css environment overrules')
DEFINE_SETTING('FAC', 0001, 'WEB_FACTAB', 'csstemplate' , 'json' , '{}' , 'Color scheme.')
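Review bot: The tightened `csp_header` default still carries `''unsafe-inline''` and `''unsafe-eval''` in `script-src` (and `''unsafe-inline''` in `script-src-elem`), so limiting sources to `''self''` does not stop injected inline script; the policy mainly restricts where external resources load from. `base-uri`, `form-action` and `frame-ancestors` do not fall back to `default-src` and therefore stay unrestricted; consider appending `base-uri ''self''; form-action ''self'';`, plus a `frame-ancestors` directive if the application is not meant to be framed by other origins. The relative `report-uri ../Shared/csp_report.asp` is resolved against each page's own URL, so pages at a different directory depth may report to a path that does not exist; a root-relative path would be more robust. This reading assumes the second `csp_header` line is the new value, as the commit title suggests, since the +/- markers are lost on this page.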