Skip to content

Commit

Permalink
Improved: Added X-Frame-Options, CSP, strict-transport-security and P…
Browse files Browse the repository at this point in the history
…ermissions-Policy headers in firebase config in context of soc2 compliance (#104).
  • Loading branch information
ravilodhi committed Apr 29, 2024
1 parent fc53c38 commit 963fece
Showing 1 changed file with 19 additions and 2 deletions.
21 changes: 19 additions & 2 deletions firebase.json
Original file line number Diff line number Diff line change
Expand Up @@ -25,8 +25,25 @@
"rewrites": [ {
"source": "**",
"destination": "/index.html"
} ]

} ],
"headers": [ {
"source": "**",
"headers": [ {
"key": "X-Frame-Options",
"value": "SAMEORIGIN"
},
{
"key": "Content-Security-Policy",
"value": "default-src 'self';font-src 'self' data: *;script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com;img-src 'self' 'unsafe-inline' *.shopify.com javascript: ;style-src 'self' 'unsafe-inline' *; connect-src 'self' *"
},
{
"key": "strict-transport-security",
"value": "max-age=31536000; includeSubDomains"
},{
"key": "Permissions-Policy",
"value": "camera=self"
} ]
}]
},
{
"target": "uat",
Expand Down

0 comments on commit 963fece

Please sign in to comment.