Commit graph

22 commits

Author SHA1 Message Date
Tom Hughes
f91dd6afc2 Tighten up cookie security
Mark all cookies as Secure, and the cookies which are not
modified client side as HttpOnly.
2021-02-19 18:18:13 +00:00
Tom Hughes
9be62ca4bb Allow image loading from tileserver.memomaps.de 2020-07-08 19:07:49 +01:00
Tom Hughes
da80a7bd08 Add tile.openstreetmap.org to security policy 2020-04-14 00:03:55 +01:00
Tom Hughes
75e60acf66 Allow configuration of storage server URL for security policy 2019-07-09 19:43:03 +01:00
Andy Allan
d102c9aaf4 Move all settings to settings.yml
We leave the STATUS setting alone, since it's required before rails
boots. The test-specific settings now live in config/settings/test.yml
2019-03-13 18:06:23 +01:00
Tom Hughes
89a4a9d59c Allow loading of our manifest 2019-02-24 22:40:01 +00:00
Tom Hughes
d82cc08734 Allow CSP to be put in enforcing mode 2018-05-22 08:51:21 +01:00
Tom Hughes
584ac67c10 Configure manifest-src and worker-src in security policy 2018-05-17 19:10:39 +01:00
Tom Hughes
5cd4aeb1aa Preserve schemes in security policy 2018-05-17 19:10:23 +01:00
Tom Hughes
68f7df96d6 Add piwik to allowed URIs in connect-src 2018-05-17 11:33:50 +01:00
Tom Hughes
1f1029cf1a Remove unsafe-inline from default style policy 2018-05-16 20:40:55 +01:00
Tom Hughes
c77c7d015f Default frame-src to self 2018-05-15 14:08:44 +01:00
Tom Hughes
d987416901 Allow apache to control the HSTS setting 2018-01-11 19:44:20 +00:00
Tom Hughes
b396c8cbe5 Allow apache to control the HSTS setting 2018-01-11 19:20:07 +00:00
Tom Hughes
3c4774a5f7 Allow images to be loaded from piwik 2017-11-23 22:22:01 +00:00
Tom Hughes
18d3392ede Relax cookie security policy 2017-11-01 17:48:35 +00:00
Tom Hughes
e7e85db0c8 Update secure_headers configuration for upstream changes 2017-09-08 16:49:28 +01:00
Tom Hughes
5b33f3f8e3 Fix rubocop warnings 2017-06-02 00:08:30 +01:00
Tom Hughes
e35748567c Update HSTS to publish a max-age=0 to disable it 2017-03-03 11:34:39 +00:00
Tom Hughes
ee12eba234 Don't try and modify policy if we don't have one 2017-03-02 10:39:18 +00:00
Tom Hughes
c5ef6404f5 Improve the content security policy 2017-03-01 22:38:24 +00:00
Tom Hughes
40a8e5caf5 Add support for Content-Security-Policy
Currently this is report only, and disabled unless a report URL has
been set in the application configuration.
2017-02-26 19:48:13 +00:00