🛡️ Sentinel: [HIGH] Add HSTS and Permissions-Policy headers

Added Strict-Transport-Security (HSTS) and Permissions-Policy headers to firebase.json to improve security posture.

- HSTS ensures browsers only connect via HTTPS for 1 year.
- Permissions-Policy restricts usage of sensitive features (camera, mic, geolocation).

Co-authored-by: ragusa-it <196988693+ragusa-it@users.noreply.github.com>
google-labs-jules[bot]
2026-01-28 01:56:37 +00:00
parent 6b8f54072e
commit 1afa2f3cd8


@@ -24,6 +24,14 @@
"key": "X-Frame-Options", "key": "X-Frame-Options",
"value": "DENY" "value": "DENY"
}, },
{
"key": "Strict-Transport-Security",
"value": "max-age=31536000; includeSubDomains"
},
{
"key": "Permissions-Policy",
"value": "camera=(), microphone=(), geolocation=()"
},
{ {
"key": "Referrer-Policy", "key": "Referrer-Policy",
"value": "strict-origin-when-cross-origin" "value": "strict-origin-when-cross-origin"
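
Review bot: The Strict-Transport-Security value combines includeSubDomains with max-age=31536000, but the commit message only describes HTTPS-only for 1 year and never mentions the subdomain scope. With includeSubDomains, the policy covers every subdomain of the serving host, and browsers cache it for the full year, so any subdomain that still serves plain HTTP or has an invalid certificate becomes unreachable for returning visitors with no quick way to roll back. Please confirm that all subdomains serve valid HTTPS and say so in the commit message, or ship first with a short value such as "max-age=86400" and raise it once verified. On the Permissions-Policy entry, only camera, microphone and geolocation are denied; if the site uses no other powerful features, consider denying those as well (for example payment=() and usb=()) or note why the list stops at three.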