[Peertube] Put CSP for iframe and CORS headers in file for re-use

This commit is contained in:
Quentin Duchemin 2020-12-01 20:13:06 +01:00
parent 718f7fd990
commit bdd5ba3e9b

View File

@ -12,7 +12,6 @@
[http] [http]
[http.middlewares.hardening.headers] [http.middlewares.hardening.headers]
addVaryHeader = true
browserXssFilter = true browserXssFilter = true
contentTypeNosniff = true contentTypeNosniff = true
forceSTSHeader = true forceSTSHeader = true
@ -26,3 +25,10 @@
[http.middlewares.compression.compress] [http.middlewares.compression.compress]
excludedContentTypes = ["text/event-stream"] excludedContentTypes = ["text/event-stream"]
[http.middlewares.allowFrameAndCORS.headers]
contentSecurityPolicy = "frame-ancestors *"
accessControlAllowHeaders = ["*"]
accessControlAllowMethods = ["GET", "POST", "OPTIONS"]
accessControlAllowOriginList = ["*"]
accessControlExposeHeaders = ["*"]