Diffstat (limited to 'subprojects/language-web/src')
-rw-r--r-- | subprojects/language-web/src/main/java/tools/refinery/language/web/SecurityHeadersFilter.java | 3 |
1 files changed, 2 insertions, 1 deletions
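--- a/subprojects/language-web/src/main/java/tools/refinery/language/web/SecurityHeadersFilter.java
+++ b/subprojects/language-web/src/main/java/tools/refinery/language/web/SecurityHeadersFilter.java
@@ -23,7 +23,8 @@ public class SecurityHeadersFilter implements Filter {
 // Use 'data:' for displaying inline SVG backgrounds.
 "img-src 'self' data:; " +
 "font-src 'self'; " +
-"connect-src 'self'; " +
+// Fetch data:application/octet-stream;base64 URIs to unpack compressed URL fragments.
+"connect-src 'self' data:; " +
 "manifest-src 'self'; " +
 "worker-src 'self' blob:;");
 httpResponse.setHeader("X-Content-Type-Options", "nosniff");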
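Review bot: The new `"connect-src 'self' data:; "` entry permits fetch/XHR on every `data:` URI, not only the `data:application/octet-stream;base64` form the added comment names, because a CSP scheme source cannot be narrowed by media type. The comment should say so, for example `// CSP cannot restrict data: by media type, so this allows fetching any data: URI; it adds no remote origin.` If the client can decode the base64 payload in script instead of fetching it, `connect-src` could stay at `'self'` and the policy would not need widening at all. The URL fragment is presumably attacker-controllable through shared links, and the unpacking code is not part of this hunk, so it is worth confirming that it bounds the decompressed size and validates the result before use. The method that builds this header starts and ends outside the hunk.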