Bull 440 : hemletjs, iframes security (!103) · Merge requests · Platform One / Party Bus / Launchboard / launchboard-be

graham.smith requested to merge BULL-440 into master Jan 11, 2021

Adds nice helmetjs security headers, including:

X-Frame-Options: DENY
Content-Security-Policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors none;img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests

Bull 440 : hemletjs, iframes security

Merge request reports