UNCLASSIFIED - NO CUI


Bull 440: helmetjs, iframes security

graham.smith requested to merge BULL-440 into master

Adds nice helmetjs security headers, including:

X-Frame-Options: DENY
Content-Security-Policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors none;img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
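
An added example, not part of the merge request or the project's code: a small linter that parses a Content-Security-Policy value and reports keyword sources written without the single quotes CSP requires. Run on the policy quoted above, it flags `frame-ancestors none`, which a browser reads as a host named `none` rather than the `'none'` keyword. The function names and the keyword list are assumptions made for this illustration.

```javascript
"use strict";

// Keywords that CSP only recognises in single-quoted form, e.g. 'none'.
// (Illustrative list assembled for this example.)
const KEYWORDS = new Set([
  "none", "self", "unsafe-inline", "unsafe-eval", "unsafe-hashes",
  "strict-dynamic", "report-sample", "wasm-unsafe-eval",
]);

// Split a policy string into a Map of directive name -> array of values.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers; keep the first one.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Return one finding per value that is a bare keyword. In a source list
// such a token is matched as a host name, not as the keyword.
function findUnquotedKeywords(policy) {
  const findings = [];
  for (const [directive, values] of parseCsp(policy)) {
    for (const value of values) {
      if (KEYWORDS.has(value.toLowerCase())) {
        findings.push({ directive, value, suggestion: `'${value.toLowerCase()}'` });
      }
    }
  }
  return findings;
}

// Policy value copied from the merge request description.
const PAGE_POLICY =
  "default-src 'self';base-uri 'self';block-all-mixed-content;" +
  "font-src 'self' https: data:;frame-ancestors none;img-src 'self' data:;" +
  "object-src 'none';script-src 'self';script-src-attr 'none';" +
  "style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests";

// Constructed variant with the keyword quoted, for comparison.
const FIXED_POLICY = PAGE_POLICY.replace("frame-ancestors none", "frame-ancestors 'none'");

console.log(findUnquotedKeywords(PAGE_POLICY));
console.log(findUnquotedKeywords(FIXED_POLICY));
```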
