Tweak security headers

2022-07-16 08:21:15 +02:00 · 2022-07-16 08:21:15 +02:00 · 42b23b4b01
commit 42b23b4b01
parent a6fd8632a6
1 changed files with 6 additions and 1 deletions
--- a/app/main.py
+++ b/app/main.py
@ -133,7 +133,12 @@ class CustomMiddleware:
                # TODO(ts): disallow inline CSS?
                headers[
                    "content-security-policy"
-                ] = "default-src 'self' style-src 'unsafe-inline';"
+                ] = "default-src 'self'; style-src 'self' 'unsafe-inline';"
+                headers["permissions-policy"] = (
+                    "geolocation=(), midi=(), camera=(), usb=(), "
+                    "magnetometer=(), accelerometer=(), vr=(), speaker=(), "
+                    "ambient-light-sensor=(), gyroscope=(), microphone=()"
+                )
                if not DEBUG:
                    headers[
                        "strict-transport-security"