forked from yearn/yearn-finance-v3
-
Notifications
You must be signed in to change notification settings - Fork 0
/
customHttp.yml
25 lines (25 loc) · 1.1 KB
/
customHttp.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
customHeaders:
- pattern: '**/*'
headers:
- key: Strict-Transport-Security
value: max-age=31536000; includeSubDomains
- key: X-Frame-Options
value: SAMEORIGIN
- key: X-XSS-Protection
value: 1; mode=block
- key: X-Content-Type-Options
value: nosniff
- key: Content-Security-Policy
value: script-src 'self' https://*.yearn.finance; child-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors https://*.ledger.com https://*.ledger-sbx.com https://*.ledger-stg.com https://*.ledger-ppr.com https://*.ledger-test.com https://gnosis-safe.io https://app.safe.global;
- key: Referrer-Policy
value: same-origin
- key: Feature-Policy
value: camera 'none'; microphone 'none'; geolocation 'none'; autoplay 'none'; display-capture 'none'; payment 'none'
- pattern: '**/manifest.json'
headers:
- key: Access-Control-Allow-Origin
value: '*'
- key: Access-Control-Allow-Methods
value: GET
- key: Access-Control-Allow-Headers
value: 'X-Requested-With, content-type, Authorization'