Skip to content

Commit

Permalink
Merge pull request #105 from hotwax/104-soc2-fixes
Browse files Browse the repository at this point in the history 
Improved: Added X-Frame-Options, CSP, strict-transport-security and Permissions-Policy headers in firebase config in context of soc2 compliance (#104).
  • Loading branch information
@ravilodhi
ravilodhi authored Nov 25, 2024
2 parents d1c6d28 + e5dafa9 commit efc3f57
Showing 1 changed file with 37 additions and 2 deletions.
39 changes: 37 additions & 2 deletions firebase.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,25 @@
"rewrites": [ {
"source": "**",
"destination": "/index.html"
} ]

} ],
"headers": [ {
"source": "**",
"headers": [ {
"key": "X-Frame-Options",
"value": "SAMEORIGIN"
},
{
"key": "Content-Security-Policy",
"value": "default-src 'self';font-src 'self' data: *;script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com;img-src 'self' 'unsafe-inline' *.shopify.com javascript: ;style-src 'self' 'unsafe-inline' *;connect-src 'self' *"
},
{
"key": "strict-transport-security",
"value": "max-age=31536000; includeSubDomains"
},{
"key": "Permissions-Policy",
"value": "camera=self"
} ]
}]
},
{
"target": "dev",
Expand All @@ -25,6 +42,24 @@
"rewrites": [ {
"source": "**",
"destination": "/index.html"
}],
"headers": [ {
"source": "**",
"headers": [ {
"key": "X-Frame-Options",
"value": "SAMEORIGIN"
},
{
"key": "Content-Security-Policy",
"value": "default-src 'self';font-src 'self' data: *;script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com;img-src 'self' 'unsafe-inline' *.shopify.com javascript: ;style-src 'self' 'unsafe-inline' *;connect-src 'self' *"
},
{
"key": "strict-transport-security",
"value": "max-age=31536000; includeSubDomains"
},{
"key": "Permissions-Policy",
"value": "camera=self"
} ]
}]
}
]
Expand Down

0 comments on commit efc3f57

Please sign in to comment.