diff options
author | Kristóf Marussy <kristof@marussy.com> | 2023-08-23 03:36:25 +0200 |
---|---|---|
committer | Kristóf Marussy <kristof@marussy.com> | 2023-08-23 03:36:25 +0200 |
commit | 0e54d399424374d497d08a8631c4761dece57ceb (patch) | |
tree | bd0873080b4bc3b81984852def5e435e51292d0d /subprojects/language-web/src/main | |
parent | fix: predicate value translation (diff) | |
download | refinery-0e54d399424374d497d08a8631c4761dece57ceb.tar.gz refinery-0e54d399424374d497d08a8631c4761dece57ceb.tar.zst refinery-0e54d399424374d497d08a8631c4761dece57ceb.zip |
feat: dot visualization
Diffstat (limited to 'subprojects/language-web/src/main')
-rw-r--r-- | subprojects/language-web/src/main/java/tools/refinery/language/web/SecurityHeadersFilter.java | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/subprojects/language-web/src/main/java/tools/refinery/language/web/SecurityHeadersFilter.java b/subprojects/language-web/src/main/java/tools/refinery/language/web/SecurityHeadersFilter.java index 7b094fde..fab94689 100644 --- a/subprojects/language-web/src/main/java/tools/refinery/language/web/SecurityHeadersFilter.java +++ b/subprojects/language-web/src/main/java/tools/refinery/language/web/SecurityHeadersFilter.java | |||
@@ -16,7 +16,7 @@ public class SecurityHeadersFilter implements Filter { | |||
16 | ServletException { | 16 | ServletException { |
17 | if (response instanceof HttpServletResponse httpResponse) { | 17 | if (response instanceof HttpServletResponse httpResponse) { |
18 | httpResponse.setHeader("Content-Security-Policy", "default-src 'none'; " + | 18 | httpResponse.setHeader("Content-Security-Policy", "default-src 'none'; " + |
19 | "script-src 'self'; " + | 19 | "script-src 'self' 'wasm-unsafe-eval'; " + |
20 | // CodeMirror needs inline styles, see e.g., | 20 | // CodeMirror needs inline styles, see e.g., |
21 | // https://discuss.codemirror.net/t/inline-styles-and-content-security-policy/1311/2 | 21 | // https://discuss.codemirror.net/t/inline-styles-and-content-security-policy/1311/2 |
22 | "style-src 'self' 'unsafe-inline'; " + | 22 | "style-src 'self' 'unsafe-inline'; " + |
@@ -25,7 +25,7 @@ public class SecurityHeadersFilter implements Filter { | |||
25 | "font-src 'self'; " + | 25 | "font-src 'self'; " + |
26 | "connect-src 'self'; " + | 26 | "connect-src 'self'; " + |
27 | "manifest-src 'self'; " + | 27 | "manifest-src 'self'; " + |
28 | "worker-src 'self';"); | 28 | "worker-src 'self' blob:;"); |
29 | httpResponse.setHeader("X-Content-Type-Options", "nosniff"); | 29 | httpResponse.setHeader("X-Content-Type-Options", "nosniff"); |
30 | httpResponse.setHeader("X-Frame-Options", "DENY"); | 30 | httpResponse.setHeader("X-Frame-Options", "DENY"); |
31 | httpResponse.setHeader("Referrer-Policy", "strict-origin"); | 31 | httpResponse.setHeader("Referrer-Policy", "strict-origin"); |