diff options
author | Kristóf Marussy <kristof@marussy.com> | 2023-09-26 03:29:51 +0200 |
---|---|---|
committer | Kristóf Marussy <kristof@marussy.com> | 2023-09-26 16:11:32 +0200 |
commit | 3ba6f8fba9dbd6e479f4297a5a05b51273e461a3 (patch) | |
tree | 66c0d598fdcf93db51cf988547c4417bf80906a7 /subprojects/language-web/src/main/java/tools/refinery/language/web/SecurityHeadersFilter.java | |
parent | fix(query-interpreter): functional dependencies (diff) | |
download | refinery-3ba6f8fba9dbd6e479f4297a5a05b51273e461a3.tar.gz refinery-3ba6f8fba9dbd6e479f4297a5a05b51273e461a3.tar.zst refinery-3ba6f8fba9dbd6e479f4297a5a05b51273e461a3.zip |
feat(frontend): save in URL fragment
Diffstat (limited to 'subprojects/language-web/src/main/java/tools/refinery/language/web/SecurityHeadersFilter.java')
-rw-r--r-- | subprojects/language-web/src/main/java/tools/refinery/language/web/SecurityHeadersFilter.java | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/subprojects/language-web/src/main/java/tools/refinery/language/web/SecurityHeadersFilter.java b/subprojects/language-web/src/main/java/tools/refinery/language/web/SecurityHeadersFilter.java index fab94689..cc87917f 100644 --- a/subprojects/language-web/src/main/java/tools/refinery/language/web/SecurityHeadersFilter.java +++ b/subprojects/language-web/src/main/java/tools/refinery/language/web/SecurityHeadersFilter.java | |||
@@ -23,7 +23,8 @@ public class SecurityHeadersFilter implements Filter { | |||
23 | // Use 'data:' for displaying inline SVG backgrounds. | 23 | // Use 'data:' for displaying inline SVG backgrounds. |
24 | "img-src 'self' data:; " + | 24 | "img-src 'self' data:; " + |
25 | "font-src 'self'; " + | 25 | "font-src 'self'; " + |
26 | "connect-src 'self'; " + | 26 | // Fetch data:application/octet-stream;base64 URIs to unpack compressed URL fragments. |
27 | "connect-src 'self' data:; " + | ||
27 | "manifest-src 'self'; " + | 28 | "manifest-src 'self'; " + |
28 | "worker-src 'self' blob:;"); | 29 | "worker-src 'self' blob:;"); |
29 | httpResponse.setHeader("X-Content-Type-Options", "nosniff"); | 30 | httpResponse.setHeader("X-Content-Type-Options", "nosniff"); |