Commit graph

28 commits

Author SHA1 Message Date
Paul Norman
00d085ed5d Add Tracestrack Topo as featured layer 2023-09-19 22:16:42 -07:00
Tom Hughes
0913f286fe Make the TOTP cookie httponly 2023-08-22 21:18:45 +01:00
Tom Hughes
e9f62a8c30 Rename piwik to matomo and merge configuration into settings 2022-08-01 22:42:04 +01:00
Tom Hughes
1612ea75c5 Allow trace image URL to be configured in the CSP policy 2022-02-13 19:25:42 +00:00
Tom Hughes
1096b3b8e2 Don't mark banner cookies as HttpOnly 2021-06-23 15:08:45 +01:00
    Fixes #3231
Tom Hughes
29032847d9 Set a referrer policy 2021-06-04 21:50:15 +01:00
Tom Hughes
f91dd6afc2 Tighten up cookie security 2021-02-19 18:18:13 +00:00
    Mark all cookies as Secure, and the cookies which are not
    modified client side as HttpOnly.
Tom Hughes
9be62ca4bb Allow image loading from tileserver.memomaps.de 2020-07-08 19:07:49 +01:00
Tom Hughes
da80a7bd08 Add tile.openstreetmap.org to security policy 2020-04-14 00:03:55 +01:00
Tom Hughes
75e60acf66 Allow configuration of storage server URL for security policy 2019-07-09 19:43:03 +01:00
Andy Allan
d102c9aaf4 Move all settings to settings.yml 2019-03-13 18:06:23 +01:00
    We leave the STATUS setting alone, since it's required before rails
    boots. The test-specific settings now live in config/settings/test.yml
Tom Hughes
89a4a9d59c Allow loading of our manifest 2019-02-24 22:40:01 +00:00
Tom Hughes
d82cc08734 Allow CSP to be put in enforcing mode 2018-05-22 08:51:21 +01:00
Tom Hughes
584ac67c10 Configure manifest-src and worker-src in security policy 2018-05-17 19:10:39 +01:00
Tom Hughes
5cd4aeb1aa Preserve schemes in security policy 2018-05-17 19:10:23 +01:00
Tom Hughes
68f7df96d6 Add piwik to allowed URIs in connect-src 2018-05-17 11:33:50 +01:00
Tom Hughes
1f1029cf1a Remove unsafe-inline from default style policy 2018-05-16 20:40:55 +01:00
Tom Hughes
c77c7d015f Default frame-src to self 2018-05-15 14:08:44 +01:00
Tom Hughes
d987416901 Allow apache to control the HSTS setting 2018-01-11 19:44:20 +00:00
Tom Hughes
b396c8cbe5 Allow apache to control the HSTS setting 2018-01-11 19:20:07 +00:00
Tom Hughes
3c4774a5f7 Allow images to be loaded from piwik 2017-11-23 22:22:01 +00:00
Tom Hughes
18d3392ede Relax cookie security policy 2017-11-01 17:48:35 +00:00
Tom Hughes
e7e85db0c8 Update secure_headers configuration for upstream changes 2017-09-08 16:49:28 +01:00
Tom Hughes
5b33f3f8e3 Fix rubocop warnings 2017-06-02 00:08:30 +01:00
Tom Hughes
e35748567c Update HSTS to publish a max-age=0 to disable it 2017-03-03 11:34:39 +00:00
Tom Hughes
ee12eba234 Don't try and modify policy if we don't have one 2017-03-02 10:39:18 +00:00
Tom Hughes
c5ef6404f5 Improve the content security policy 2017-03-01 22:38:24 +00:00
Tom Hughes
40a8e5caf5 Add support for Content-Security-Policy 2017-02-26 19:48:13 +00:00
    Currently this is report only, and disabled unless a report URL has
    been set in the application configuration.