Merge pull request #243 from cds-snc/feat/amplify-headers

feat: add headers
cds-snc · Nov 23, 2023 · 2ce9f68 · 2ce9f68
2 parents 98797e4 + 5b0cd19
commit 2ce9f68
Showing 1 changed file with 30 additions and 0 deletions.
diff --git a/customHttp.yml b/customHttp.yml
@@ -0,0 +1,30 @@
+customHeaders:
+  - pattern: '**'
+    headers:
+      - key: Strict-Transport-Security
+        value: max-age=31536000; includeSubDomains
+      - key: X-Frame-Options
+        value: DENY
+      - key: X-XSS-Protection
+        value: 1; mode=block
+      - key: X-Content-Type-Options
+        value: nosniff
+      - key: Referrer-Policy
+        value: no-referrer
+      - key: Permissions-Policy
+        value: >-
+          accelerometer=(), camera=(), geolocation=(), gyroscope=(),
+          magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
+      - key: Content-Security-Policy
+        value: >-
+          report-uri https://csp-report-to.security.cdssandbox.xyz/report;
+          default-src 'self' https://kit.fontawesome.com/ https://cdn.jsdelivr.net/npm/;
+          font-src 'self' fonts.gstatic.com https://unpkg.com/[email protected]/;
+          script-src 'self' www.googletagmanager.com www.google-analytics.com https://kit.fontawesome.com https://cdn.jsdelivr.net/npm/ 'sha256-fipSroUh2te/+TB6wC2Cm4FtjT9kQKTCBmtmSCRONv8=' 'sha256-JDhgsVY611fJnWqj9ydKCOkLlh8t6kvvnJMW3P3GdEg=' 'sha256-Adp/M38ZA9hiuEC+IDM/5MYFu8PJFx0/710dxPMpyYE=';
+          frame-src www.googletagmanager.com www.google-analytics.com https://cds-snc.github.io/;
+          connect-src 'self' www.googletagmanager.com www.google-analytics.com www.canada.ca;
+          img-src 'self' data: https: www.w3.org;
+          style-src 'unsafe-inline' https: 'strict-dynamic' 'self' https://fonts.googleapis.com;
+          base-uri 'self';
+          form-action 'self';
+          object-src 'none'