forked from medplum/medplum
-
Notifications
You must be signed in to change notification settings - Fork 0
/
vercel.json
27 lines (27 loc) · 1.3 KB
/
vercel.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
{
"cleanUrls": true,
"trailingSlash": false,
"headers": [
{
"source": "/(.*)",
"headers": [
{
"key": "Content-Security-Policy",
"value": "default-src 'none'; base-uri 'self'; child-src 'self'; connect-src 'self' *.medplum.com *.google.com *.google-analytics.com *.algolia.net; font-src 'self' data: fonts.gstatic.com; form-action 'self' *.gstatic.com *.google.com; frame-ancestors 'self' *.medplum.com; frame-src 'self' *.medplum.com *.gstatic.com *.google.com *.youtube.com; img-src 'self' data: *.medplum.com *.gstatic.com *.google.com *.googletagmanager.com github.com *.github.com *.githubusercontent.com *.youtube.com; manifest-src 'self'; media-src 'self' *.medplum.com; script-src 'self' 'unsafe-inline' *.medplum.com *.gstatic.com *.google.com *.googleapis.com *.googletagmanager.com; style-src 'self' 'unsafe-inline' *.medplum.com *.gstatic.com *.google.com *.googleapis.com; worker-src 'self' blob: *.medplum.com *.gstatic.com *.google.com; upgrade-insecure-requests"
},
{
"key": "X-Content-Type-Options",
"value": "nosniff"
},
{
"key": "X-Frame-Options",
"value": "SAMEORIGIN"
},
{
"key": "X-XSS-Protection",
"value": "1; mode=block"
}
]
}
]
}