aboutsummaryrefslogtreecommitdiffstats
path: root/subprojects/language-web/src
diff options
context:
space:
mode:
Diffstat (limited to 'subprojects/language-web/src')
-rw-r--r--subprojects/language-web/src/main/java/tools/refinery/language/web/SecurityHeadersFilter.java3
1 files changed, 2 insertions, 1 deletions
diff --git a/subprojects/language-web/src/main/java/tools/refinery/language/web/SecurityHeadersFilter.java b/subprojects/language-web/src/main/java/tools/refinery/language/web/SecurityHeadersFilter.java
index fab94689..cc87917f 100644
--- a/subprojects/language-web/src/main/java/tools/refinery/language/web/SecurityHeadersFilter.java
+++ b/subprojects/language-web/src/main/java/tools/refinery/language/web/SecurityHeadersFilter.java
@@ -23,7 +23,8 @@ public class SecurityHeadersFilter implements Filter {
23 // Use 'data:' for displaying inline SVG backgrounds. 23 // Use 'data:' for displaying inline SVG backgrounds.
24 "img-src 'self' data:; " + 24 "img-src 'self' data:; " +
25 "font-src 'self'; " + 25 "font-src 'self'; " +
26 "connect-src 'self'; " + 26 // Fetch data:application/octet-stream;base64 URIs to unpack compressed URL fragments.
27 "connect-src 'self' data:; " +
27 "manifest-src 'self'; " + 28 "manifest-src 'self'; " +
28 "worker-src 'self' blob:;"); 29 "worker-src 'self' blob:;");
29 httpResponse.setHeader("X-Content-Type-Options", "nosniff"); 30 httpResponse.setHeader("X-Content-Type-Options", "nosniff");
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2024-09-16 06:06:51 +0000