..
This commit is contained in:
parent
1ee796b282
commit
ab688243d7
36 changed files with 307 additions and 135 deletions
|
|
@ -125,12 +125,7 @@ async fn static_cache_headers(
|
|||
response
|
||||
}
|
||||
|
||||
/// Add baseline security headers to every response. These are deliberately the
|
||||
/// low-risk, broadly-compatible set: a Content-Security-Policy and
|
||||
/// Permissions-Policy are intentionally left out because this app loads many
|
||||
/// cross-origin resources (maplibre/deck.gl, Stripe, Google Street View,
|
||||
/// analytics, the error sink) and a mis-scoped policy would break the map or
|
||||
/// checkout. They should be added later as report-only first.
|
||||
|
||||
async fn security_headers(
|
||||
request: axum::extract::Request,
|
||||
next: middleware::Next,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue