goodgo-platform

admin/goodgo-platform

Fork 0

Commit Graph

Author	SHA1	Message	Date
Ho Ngoc Hai	017d85247e	fix(security): harden security headers across API and Web apps - API: set X-Frame-Options to DENY via frameguard, add Permissions-Policy header, widen CSP connect-src for Swagger CDN - Web: add HSTS header (1yr, includeSubDomains, preload), add payment=(self) to Permissions-Policy, make localhost:3001 in CSP connect-src dev-only Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-10 20:10:22 +07:00

Author

SHA1

Message

Date

Ho Ngoc Hai

017d85247e

fix(security): harden security headers across API and Web apps

- API: set X-Frame-Options to DENY via frameguard, add Permissions-Policy header, widen CSP connect-src for Swagger CDN
- Web: add HSTS header (1yr, includeSubDomains, preload), add payment=(self) to Permissions-Policy, make localhost:3001 in CSP connect-src dev-only

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-04-10 20:10:22 +07:00

1 Commits