Linha RM

Atalhos

Páginas filhas
  • Recomendações de segurança PEP RM

Versões comparadas

Versão antiga 11

changes.mady.by.user Rafael Brito Dantas

Gravado em

comparado com

Nova versão 12

changes.mady.by.user Rafael Brito Dantas

Gravado em

Chave

  • Esta linha foi adicionada.
  • Esta linha foi removida.
  • A formatação mudou.

...

Bloco de código
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <appSettings>
        <add key="StackTraceVisible" value="false" />
    </appSettings>
    <system.web>
        <compilation debug="false" />
    </system.web>
    <system.webServer>
        <httpProtocol>
            <customHeaders>
                <add name="Content-Security-Policy" value="default-src 'self'; 
                                                           value="default-src 'self';script-src 'report-sample' 'self'; 
                                                            https://integrations.memed.com.br https://cdn.memed.com.br https://cdn.rudderlabs.com; style-src 'self' 'unsafe-inline'; 
                                                           object-src 'none'; 
                                                           base-uri 'self'; 
                                                           connect-src data: 'self' http://localhost:8051 ws://localhost:8051; 
                                                            https://api.rudderlabs.com https://*.memed.com.br https://ipv4.icanhazip.com https://api.ipify.org ; font-src 'self'; 
                                                           frame-src 'self'; 
                                                            https://integrations.memed.com.br; img-src 'self' data:;
                                                           manifest-src 'self'; 
                                                           media-src 'self'; 
                                                           worker-src 'none';" />
                <add name="X-Content-Type-Options" value="nosniff" />
                <add name="X-Xss-Protection" value="1; mode=block" />
                <add name="X-Frame-Options" value="SAMEORIGIN" />
                <add name="Cache-Control" value="no-store" />
                <add name="Strict-Transport-Security"
                    value="max-age=31536000; includeSubDomains; preload" />
                <add name="Cross-Origin-Embedder-Permissions-Policy"
                    value="camera=(self), microphone=(self), geolocation=(self), fullscreen=(self)" />
                <add name="Referrer-Policy" value="require-corpno-referrer-when-downgrade" />
                <add name="CrossAccess-OriginControl-ResourceAllow-PolicyOrigin" value="same-origin*" />
                <add name="Cross-Origin-OpenerEmbedder-Policy" value="same-origin" />
                <add name="PermissionsCross-Origin-Resource-Policy" value="camera=(self), microphone=(self), geolocation=(self), fullscreen=(self)same-origin" />
                <add name="ReferrerCross-Origin-Opener-Policy" value="no-referrer-when-downgradesame-origin" />
                <remove name="X-Powered-By" />
            </customHeaders>
        </httpProtocol>
        <security>
            <requestFiltering removeServerHeader="true">
                <verbs>
                    <add verb="TRACE" allowed="false" />
                </verbs>
            </requestFiltering>
        </security>
    </system.webServer>
    <system.web>
        <httpRuntime enableVersionHeader="false" />
        <pages viewStateEncryptionMode="Always" />
    </system.web>
</configuration>

...