CORS: Web.config to enable CORS
<?xml version="1.0" encoding="utf-8"?>
<!--
  IIS Web.config fragment: attaches three static CORS response headers to
  every response served from this configuration scope.
-->
<configuration>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <!--
          "*" allows script on any origin to read these responses. Browsers
          will not honour "*" on credentialed requests, so this suits public,
          unauthenticated content only. It is a poor fit for anything that
          relies on cookies, or on network location (intranet, IP allow-list)
          as its access control.
          customHeaders can emit only one fixed value. A multi-origin
          allow-list needs per-request logic that validates the Origin header
          before echoing it and also sends "Vary: Origin".
        -->
        <add name="Access-Control-Allow-Origin" value="*" />
        <!-- Keep this list to the verbs the API really implements. -->
        <add name="Access-Control-Allow-Methods" value="GET,PUT,POST,DELETE,OPTIONS" />
        <!--
          Only Content-Type is allowed as a non-safelisted request header.
          A preflight that asks for any other header (for example
          Authorization) will be refused by the browser.
        -->
        <add name="Access-Control-Allow-Headers" value="Content-Type" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>
| ==== | |
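<!--
  IIS Web.config fragment: adds browser security response headers and
  suppresses the headers that disclose the server stack.
  Merge these sections into the site's existing Web.config. The original
  listing ended without closing system.webServer and configuration; both are
  closed here so the fragment is well-formed.
-->
<configuration>
  <system.web>
    <!--
      X-AspNet-Version is written by the ASP.NET runtime, not by the IIS
      customHeaders collection, so it is switched off here.
    -->
    <httpRuntime enableVersionHeader="false" />
  </system.web>
  <system.webServer>
    <security>
      <!--
        The Server header is added by IIS itself. removeServerHeader needs
        IIS 10.0 or later; on older versions the attribute is a configuration
        error and must be left out.
      -->
      <requestFiltering removeServerHeader="true" />
    </security>
    <httpProtocol>
      <customHeaders>
        <!--
          One-year HSTS for this host only (no includeSubDomains). Browsers
          ignore the header on plain-HTTP responses, so pair it with an
          HTTP-to-HTTPS redirect.
        -->
        <add name="Strict-Transport-Security" value="max-age=31536000" />
        <add name="X-Content-Type-Options" value="nosniff" />
        <!--
          Legacy header: current browsers ignore it, and present-day guidance
          is to send "0" or drop it and rely on Content-Security-Policy.
          Kept as the author wrote it.
        -->
        <add name="X-Xss-Protection" value="1; mode=block" />
        <!--
          Framing is limited to same-origin pages. The CSP below has no
          frame-ancestors directive, which is the modern equivalent.
        -->
        <add name="X-Frame-Options" value="SAMEORIGIN" />
        <!--
          NOTE(review): 'unsafe-inline' and 'unsafe-eval' in script-src permit
          inline script and eval(), which removes most of the protection CSP
          gives against injected script. Prefer nonces or hashes once the
          page's own scripts allow it.
          img-src * accepts images from any host. Every host in script-src is
          trusted to run script on the page. The list looks specific to one
          site, so rebuild it for your own rather than copying it.
        -->
        <add name="Content-Security-Policy" value="default-src https:; img-src * 'self' data: https:; style-src 'self' 'unsafe-inline' www.google.com platform.twitter.com cdn.syndication.twimg.com fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com cse.google.com cdn.syndication.twimg.com platform.twitter.com platform.instagram.com www.instagram.com cdn1.developermedia.com cdn2.developermedia.com apis.google.com www.googletagservices.com adservice.google.com securepubads.g.doubleclick.net ajax.aspnetcdn.com ssl.google-analytics.com az416426.vo.msecnd.net/;" />
        <!--
          This value sends the full URL, path and query string included, to
          other HTTPS origins. strict-origin-when-cross-origin sends only the
          origin across sites.
        -->
        <add name="Referrer-Policy" value="no-referrer-when-downgrade" />
        <!--
          Feature-Policy has been superseded by Permissions-Policy, which uses
          a different value syntax. Browsers that implement only the newer
          header ignore this one.
        -->
        <add name="Feature-Policy" value="geolocation 'none';midi 'none';notifications 'none';push 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker 'self';vibrate 'none';fullscreen 'self';payment 'none';" />
        <!-- X-Powered-By is an inherited custom header, so remove works for it. -->
        <remove name="X-Powered-By" />
        <!--
          The next two entries are kept from the original but have no effect:
          neither header comes from this collection. The httpRuntime and
          requestFiltering settings earlier in this fragment do the actual
          suppression.
        -->
        <remove name="X-AspNet-Version" />
        <remove name="Server" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>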