Meeting #678
Meeting with Searce Team
Status: closed
Priority: Normal
Assignee: -
Start date: 02/18/2025
Due date: 02/18/2025
% Done: 100%
Estimated time: 1:00 h
End Date: 02/18/2025
Description
Took a call with Shivanshu about the security of the newly deployed Partner and datalabs URLs.
Shared the Nginx config to build for the ALB as well:
proxy_http_version 1.1;
proxy_set_header Host partner.rubiscape.com;
# Security Headers
add_header X-Test-Header "Authorized by Rubiscape";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
add_header X-Content-Type-Options "nosniff";
add_header X-Frame-Options "SAMEORIGIN";
add_header Referrer-Policy "no-referrer";
add_header X-XSS-Protection "1; mode=block";
# Combined CSP header with all required sources
add_header Content-Security-Policy "
default-src 'self';
script-src 'self' 'unsafe-inline' 'unsafe-eval'
https://cdn.jsdelivr.net
https://cdnjs.cloudflare.com
https://ajax.googleapis.com
https://code.jquery.com
https://maxcdn.bootstrapcdn.com;
style-src 'self' 'unsafe-inline'
https://maxcdn.bootstrapcdn.com
https://cdn.jsdelivr.net;
font-src 'self'
https://maxcdn.bootstrapcdn.com
https://cdn.jsdelivr.net
data:;
img-src 'self' data: https:;
connect-src 'self' https://partner.rubiscape.com;
frame-src 'self';
frame-ancestors 'self';
form-action 'self';
manifest-src 'self'
";
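# Permissions-Policy allowlist origins are double-quoted strings, so the value is single-quoted for nginx
add_header Permissions-Policy 'geolocation=(self "https://trusted-maps.com"), camera=()';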
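
An added example (not part of the original ticket or the shared config): a Python check of the CSP above that lists the sources a reviewer would question and the directives that do not fall back to default-src. POLICY is the ticket's policy retyped onto one line, and the function names are hypothetical.

```python
# Added example: audit the CSP from this ticket. Names here are hypothetical.
# POLICY is the policy above, retyped onto one line (constructed input).
POLICY = (
    "default-src 'self'; "
    "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net "
    "https://cdnjs.cloudflare.com https://ajax.googleapis.com "
    "https://code.jquery.com https://maxcdn.bootstrapcdn.com; "
    "style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com "
    "https://cdn.jsdelivr.net; "
    "font-src 'self' https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net data:; "
    "img-src 'self' data: https:; connect-src 'self' https://partner.rubiscape.com; "
    "frame-src 'self'; frame-ancestors 'self'; form-action 'self'; manifest-src 'self'"
)
NO_FALLBACK = ("base-uri", "form-action", "frame-ancestors")  # never inherit default-src
RISKY = ("'unsafe-inline'", "'unsafe-eval'")
BROAD = ("*", "https:", "http:")  # match any host


def parse_csp(policy):
    """Return {directive: [sources]}; line breaks inside the value are tolerated."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored by browsers: the first one wins.
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def single_line(policy):
    """Serialise for a header: HTTP field values must not contain CR or LF."""
    return "; ".join(" ".join([n] + s) for n, s in parse_csp(policy).items())


def audit_csp(policy):
    """Return sorted (directive, finding) pairs worth raising in review."""
    parsed = parse_csp(policy)
    findings = []
    for name, sources in parsed.items():
        for src in sources:
            if src in RISKY:
                findings.append((name, "allows " + src))
            elif src in BROAD:
                findings.append((name, "broad source " + src))
    for name in NO_FALLBACK:
        if name not in parsed:
            findings.append((name, "not set, no default-src fallback"))
    return sorted(findings)
```

Running audit_csp(POLICY) reports the inline and eval allowances in script-src and style-src, the scheme-wide https: in img-src, and the missing base-uri; single_line() gives a value that can be placed on one line in add_header.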