author | Felix Boerner <ich@felix-boerner.de> | 2024-04-05 13:10:19 +0200 |
---|---|---|
committer | Felix Boerner <ich@felix-boerner.de> | 2024-04-05 13:10:19 +0200 |
commit | 40104704858f9a90328cc35c07d870d1b2ba1ca1 (patch) | |
tree | 55cf4f098ef6498077611ea5952afbc0c6a6f086 | |
parent | b59a72aa226317fe54baa7d145e202b5a2ad9030 (diff) |
test: improve security ranking
-rw-r--r-- | tests/exampleSiteWithImage/hugo.toml | 10 | ||||
-rw-r--r-- | tests/exampleSiteWithVideo/hugo.toml | 10 |
2 files changed, 20 insertions, 0 deletions
diff --git a/tests/exampleSiteWithImage/hugo.toml b/tests/exampleSiteWithImage/hugo.toml
index 6c110aa..b626921 100644
--- a/tests/exampleSiteWithImage/hugo.toml
+++ b/tests/exampleSiteWithImage/hugo.toml
@@ -102,3 +102,13 @@ copyright = "©2024 Your Name"
 # Please keep the original attribution link when using for your own project.
 # If you'd like to use the template without the attribution, you can check out
 # the license option via the template author's website: https://onepagelove.com/split
+
+[server]
+[[server.headers]]
+ for = '/**'
+ [server.headers.values]
+ Content-Security-Policy = "default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://dummyimage.com"
+ Referrer-Policy = 'strict-origin-when-cross-origin'
+ X-Content-Type-Options = 'nosniff'
+ X-Frame-Options = 'DENY'
+ X-XSS-Protection = '1; mode=block'
diff --git a/tests/exampleSiteWithVideo/hugo.toml b/tests/exampleSiteWithVideo/hugo.toml
index 67d69bd..33efa81 100644
--- a/tests/exampleSiteWithVideo/hugo.toml
+++ b/tests/exampleSiteWithVideo/hugo.toml
@@ -102,3 +102,13 @@ copyright = "©2024 Your Name"
 # Please keep the original attribution link when using for your own project.
 # If you'd like to use the template without the attribution, you can check out
 # the license option via the template author's website: https://onepagelove.com/split
+
+[server]
+[[server.headers]]
+ for = '/**'
+ [server.headers.values]
+ Content-Security-Policy = "default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://dummyimage.com"
+ Referrer-Policy = 'strict-origin-when-cross-origin'
+ X-Content-Type-Options = 'nosniff'
+ X-Frame-Options = 'DENY'
+ X-XSS-Protection = '1; mode=block' |
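Review bot: The `Content-Security-Policy` value under `[server.headers.values]` sets no `base-uri`, `form-action` or `frame-ancestors`, and none of these fall back to `default-src`, so the policy is looser than `default-src 'self'` suggests; appending `; base-uri 'self'; form-action 'self'; frame-ancestors 'none'` would close that gap (provided the template's forms post same-origin) and match `X-Frame-Options = 'DENY'`. `X-XSS-Protection = '1; mode=block'` addresses a legacy XSS filter that current browsers no longer ship, and OWASP's header guidance is `X-XSS-Protection = '0'` or omitting the header and relying on the CSP. Hugo applies `[server]` headers only when running `hugo server`, so a comment such as `# dev-server only: the production host must send these headers itself` above `[server]` would stop readers assuming the published site is covered. The same points apply to the identical block added to tests/exampleSiteWithVideo/hugo.toml; there it is also worth confirming the video is served same-origin, since with no `media-src` it falls back to `default-src 'self'`.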