<?xml version="1.0" encoding="utf-8"?>
<!-- IIS site configuration: request filtering rules, static-content MIME maps,
     and the security-related response headers sent with every response. -->
<configuration>
<system.webServer>
<security>
<requestFiltering>
<!-- allowUnlisted="true": any extension not named below is served.
     Each remove/add pair drops an inherited entry and re-adds it as allowed. -->
<!-- NOTE(review): IIS's default request filtering denies ".cs"; allowing it here
     makes C# source files under the site root downloadable. Presumably this is
     intentional (e.g. to display sample source); confirm that no deployed .cs file
     contains connection strings, keys or other secrets. -->
<fileExtensions allowUnlisted="true">
<remove fileExtension="." />
<remove fileExtension=".cs" />
<add fileExtension="." allowed="true" />
<add fileExtension=".cs" allowed="true" />
</fileExtensions>
</requestFiltering>
</security>
<staticContent>
<!-- remove-before-mimeMap avoids a duplicate-entry configuration error when a
     parent configuration already maps the same extension. -->
<!-- NOTE(review): the registered media types are font/woff and font/woff2
     (RFC 8081); the application/x-font-* values used here are legacy names. -->
<remove fileExtension=".woff" />
<mimeMap fileExtension=".woff" mimeType="application/x-font-woff" />
<remove fileExtension=".woff2" />
<mimeMap fileExtension=".woff2" mimeType="application/x-font-woff2" />
</staticContent>
<httpProtocol>
<customHeaders>
<!-- Clear any inherited copies first so each header is emitted exactly once. -->
<remove name="Content-Security-Policy" />
<remove name="X-Frame-Options" />
<remove name="Access-Control-Allow-Origin" />
<remove name="X-Content-Type-Options" />
<remove name="Strict-Transport-Security" />
<remove name="X-Permitted-Cross-Domain-Policies" />
<remove name="Permissions-Policy" />
<!-- Content-Security-Policy. The value spans two lines; XML attribute-value
     normalization turns the line break into a space.
     NOTE(review), script-src: 'unsafe-inline', 'unsafe-eval' and data: are all
     allowed, so this policy does not stop injected inline script. The allowlist
     also includes shared hosting and CDN origins (*.cloudfront.net,
     *.googleapis.com, cdn.jsdelivr.net, cdnjs.cloudflare.com) where third parties
     can publish script. Moving to nonces or hashes and narrowing the host list
     would restore the XSS mitigation.
     NOTE(review): there is no default-src, so fetch directives not listed here
     (for example connect-src and font-src) are unrestricted.
     NOTE(review): *.syncfusion.com appears more than once in img-src, and
     cdn.syncfusion.com is already covered by it; harmless but redundant.
     The restrictive parts are object-src 'none', base-uri 'none' and
     frame-ancestors 'self'. -->
<add name="Content-Security-Policy" value="script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.jsdelivr.net *.crisp.chat *.omwpapi.com *.typekit.net *.syncfusion.com www.youtube.com *.yandex.ru *.ytimg.com cdn.syncfusion.com www.googletagmanager.com *.googleapis.com netdna.bootstrapcdn.com *.firebaseio.com www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net a.opmnstr.com *.hotjar.com serve.albacross.com certify-js.alexametrics.com cdnjs.cloudflare.com *.cloudfront.net connect.facebook.net www.google.com *.tawk.to tagmanager.google.com *.gstatic.com *.boldbi.com *.boldreports.com *.ampproject.org cdn.onesignal.com *.omappapi.com onesignal.com; img-src 'self' blob: data: cdn.syncfusion.com *.yandex.com *.crisp.chat *.omappapi.com *.typekit.net *.omwpapi.com s.w.org a.opmnstr.com www.gravatar.com *.ytimg.com *.yandex.ru tawk.link *.tawk.to www.google-analytics.com www.google.com www.google.co.in googleads.g.doubleclick.net certify.alexametrics.com certify-amp.alexametrics.com *.syncfusion.com *.albacross.com secure.gravatar.com ps.w.org www.facebook.com cdn.jsdelivr.net stats.g.doubleclick.net *.gstatic.com *.boldbi.com *.boldreports.com *.syncfusion.com syncfusion-contents.s3.amazonaws.com img.onesignal.com www.googletagmanager.com redirect.prod.experiment.routing.cloudfront.aws.a2z.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net *.syncfusion.com cdn.syncfusion.com *.crisp.chat *.tawk.to *.fontawesome.com *.omappapi.com *.cloudfront.net fonts.googleapis.com *.gstatic.com tagmanager.google.com www.googletagmanager.com *.boldbi.com *.boldreports.com onesignal.com; frame-src 'self' *.stripe.com *.facebook.com *.hotjar.com *.tawk.to *.opmnstr.com *.firebaseio.com *.syncfusion.com bid.g.doubleclick.net *.addthis.com www.youtube.com www.youtube-nocookie.com *.google.com www.gstatic.com *.boldbi.com *.boldreports.com onesignal.com *.moz.com; frame-ancestors 'self'; media-src 'self' *.syncfusion.com *.boldbi.com *.boldreports.com; 
worker-src blob: *.syncfusion.com; object-src 'none'; base-uri 'none';"/>
<!-- Legacy framing control; matches frame-ancestors 'self' in the CSP above. -->
<add name="X-Frame-Options" value="SAMEORIGIN" />
<!-- NOTE(review): "*" lets any origin read responses to requests made without
     credentials. Reasonable for public static assets; confirm that nothing served
     by this site returns per-user or network-restricted data. -->
<add name="Access-Control-Allow-Origin" value="*" />
<!-- Stops browsers from MIME-sniffing script and style responses. -->
<add name="X-Content-Type-Options" value="nosniff" />
<!-- HSTS for one year (31536000 s). includeSubDomains requires every subdomain
     of this host to be reachable over HTTPS. -->
<add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains" />
<!-- Tells Flash/Acrobat clients that no cross-domain policy files are permitted. -->
<add name="X-Permitted-Cross-Domain-Policies" value="none"/>
<!-- Empty allowlists "()" disable each listed browser feature for all origins,
     including this one. -->
<add name="Permissions-Policy" value="geolocation=(), camera=(), microphone=(), payment=(), accelerometer=(), gyroscope=(), magnetometer=(), usb=()"/>
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>