Zlatko zladuric
zladuric
/ nginx security headers.conf
Created
March 5, 2019 08:05
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Security headers | |
| # HSTS. Tell the browser only to access via https, and include subdomains as well. | |
| add_header Strict-Transport-Security "max-age=2592000; includeSubDomains; preload"; | |
| # Tell the browser not to include our page as a frame in other pages. | |
| add_header X-Frame-Options DENY; | |
| # Tell the browser not to guess what type the file is | |
| add_header X-Content-Type-Options nosniff; | |
| ## Tell the browser to only execute scripts included from our domain or www.some-analytics.com | |
| add_header Content-Security-Policy "default-src 'self' www.some-analytics.com;"; | |
| # Cross site prot headers. Block rendering if CSS detected. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 'use strict'; | |
| window.onload = function() { | |
| const TILE_TYPES = { | |
| FULL: 'full', | |
| EMPTY: 'empty', | |
| HALF_FULL: 'half-full', | |
| }; | |
| const template = document.getElementById('tile'); | |
| class TileElement extends HTMLElement { | |
| connectedCallback () { |
OlderNewer