mirror of
https://github.com/Part-DB/Part-DB-server.git
synced 2025-08-17 00:01:32 +02:00
32 lines
995 B
YAML
32 lines
995 B
YAML
|
nelmio_security:
|
||
|
|
# prevents framing of the entire site
|
||
|
|
clickjacking:
|
||
|
|
paths:
|
||
|
|
'^/.*': SAMEORIGIN
|
||
|
|
|
||
|
|
# disables content type sniffing for script resources
|
||
|
|
content_type:
|
||
|
|
nosniff: true
|
||
|
|
|
||
|
|
# prevents redirections outside the website's domain
|
||
|
|
external_redirects:
|
||
|
|
abort: true
|
||
|
|
log: true
|
||
|
|
|
||
|
|
# forces Microsoft's XSS-Protection with
|
||
|
|
# its block mode
|
||
|
|
xss_protection:
|
||
|
|
enabled: true
|
||
|
|
mode_block: true
|
||
|
|
|
||
|
|
# Send a full URL in the `Referer` header when performing a same-origin request,
|
||
|
|
# only send the origin of the document to secure destination (HTTPS->HTTPS),
|
||
|
|
# and send no header to a less secure destination (HTTPS->HTTP).
|
||
|
|
# If `strict-origin-when-cross-origin` is not supported, use `no-referrer` policy,
|
||
|
|
# no referrer information is sent along with requests.
|
||
|
|
referrer_policy:
|
||
|
|
enabled: true
|
||
|
|
policies:
|
||
|
|
- 'no-referrer'
|
||
|
|
- 'strict-origin-when-cross-origin'
|