-
Notifications
You must be signed in to change notification settings - Fork 2
/
customHttp.yml
26 lines (26 loc) · 1.23 KB
/
customHttp.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
# This file is used to set up headers and a content security policy for your app if you are hosting it via AWS Amplify.
# A valid content security policy is required for a view to be hosted inside a production MyDataHelps project: https://developer.mydatahelps.org/views/review.html
# If you are not hosting your app using AWS amplify, this file can be deleted.
customHeaders:
- pattern: '**/*'
headers:
- key: 'Strict-Transport-Security'
value: 'max-age=31536000; includeSubDomains'
- key: 'X-XSS-Protection'
value: '1; mode=block'
- key: 'X-Content-Type-Options'
value: 'nosniff'
- key: 'Access-Control-Allow-Origin'
value: '*'
- key: 'Access-Control-Allow-Methods'
value: 'GET, HEAD, OPTIONS'
- key: 'Content-Security-Policy'
value: "default-src 'self';
script-src 'self' 'unsafe-inline' ;
object-src 'self';
style-src 'self' 'unsafe-inline' ;
img-src 'self' data: mydatahelps.org mdhorg.ce.dev rkstudio-customer-assets.s3.amazonaws.com;
media-src 'self';
frame-src 'self';
font-src 'self';
connect-src 'self' mydatahelps.org;"