@ -168,7 +168,12 @@ app.use(mount("/auth", auth));
|
|||||||
app.use(mount("/api", api));
|
app.use(mount("/api", api));
|
||||||
|
|
||||||
// Sets common security headers by default, such as no-sniff, hsts, hide powered
|
// Sets common security headers by default, such as no-sniff, hsts, hide powered
|
||||||
// by etc
|
// by etc, these are applied after auth and api so they are only returned on
|
||||||
|
// standard non-XHR accessed routes
|
||||||
|
app.use(async (ctx, next) => {
|
||||||
|
ctx.set("Permissions-Policy", "interest-cohort=()");
|
||||||
|
await next();
|
||||||
|
});
|
||||||
app.use(helmet());
|
app.use(helmet());
|
||||||
app.use(
|
app.use(
|
||||||
contentSecurityPolicy({
|
contentSecurityPolicy({
|
||||||
|
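Review bot: The new middleware that sets `Permissions-Policy` has no comment of its own, and the comment above it still reads as a description of helmet; a line such as `// Opt out of FLoC cohort calculation on document responses` directly above `app.use(async (ctx, next) => {` would say what `interest-cohort=()` is for. The reworded comment also says these headers are only returned on non-XHR routes, which presumably holds only while the `/auth` and `/api` mounts end the request without calling `next()`; the comment should state that assumption. The same ordering means API and auth responses are served without helmet's `nosniff` and related headers. If those responses can carry user-controlled content, registering `helmet()` before the mounts and keeping only the document-specific headers here may be the safer ordering.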