-rw-r--r--include/security_headers.hpp44
1 files changed, 44 insertions, 0 deletions
diff --git a/include/security_headers.hpp b/include/security_headers.hpp
index 9877bb0b1a..d99729f420 100644
--- a/include/security_headers.hpp
+++ b/include/security_headers.hpp
@@ -26,6 +26,50 @@ inline void addSecurityHeaders(const crow::Request& req [[maybe_unused]],
"mode=block");
res.addHeader("X-Content-Type-Options", "nosniff");
+ // Recommendations from https://owasp.org/www-project-secure-headers/
+ // https://owasp.org/www-project-secure-headers/ci/headers_add.json
+ res.addHeader("Referrer-Policy", "no-referrer");
+ res.addHeader("Permissions-Policy", "accelerometer=(), "
+ "ambient-light-sensor=(), "
+ "autoplay=(), "
+ "battery=(), "
+ "bluetooth=(), "
+ "camera=(), "
+ "ch-ua=(), "
+ "ch-ua-arch=(), "
+ "ch-ua-bitness=(), "
+ "ch-ua-full-version=(), "
+ "ch-ua-full-version-list=(), "
+ "ch-ua-mobile=(), "
+ "ch-ua-model=(), "
+ "ch-ua-platform=(), "
+ "ch-ua-platform-version=(), "
+ "ch-ua-wow64=(), "
+ "cross-origin-isolated=(), "
+ "display-capture=(), "
+ "encrypted-media=(), "
+ "execution-while-not-rendered=(), "
+ "execution-while-out-of-viewport=(), "
+ "fullscreen=(), "
+ "geolocation=(), "
+ "gyroscope=(), "
+ "hid=(), "
+ "idle-detection=(), "
+ "keyboard-map=(), "
+ "magnetometer=(), "
+ "microphone=(), "
+ "midi=(), "
+ "navigation-override=(), "
+ "payment=(), "
+ "picture-in-picture=(), "
+ "publickey-credentials-get=(), "
+ "screen-wake-lock=(), "
+ "serial=(), "
+ "sync-xhr=(), "
+ "usb=(self), "
+ "web-share=(), "
+ "xr-spatial-tracking2=()");
+
if (bmcwebInsecureDisableXssPrevention == 0)
{
res.addHeader("Content-Security-Policy", "default-src 'none'; "