securis-web/index.html at develop · devjaes/securis-web · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
<!doctype html>
<html lang="en">

<head>
  <meta charset="UTF-8" />
  <link rel="icon" type="image/svg+xml" href="/vite.svg" />
  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
  <!-- Content Security Policy - Additional layer of security against XSS and data injection attacks -->
  <!-- Note: HTTP headers (configured in vite.config.ts) take precedence over meta tags -->
  <meta http-equiv="Content-Security-Policy"
    content="default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data:; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; font-src 'self' data:; connect-src 'self' http://localhost:3000 https://login.microsoftonline.com https://login.live.com https://graph.microsoft.com blob: data:; media-src 'self' blob: data:; object-src 'none'; base-uri 'self'; form-action 'self' http://localhost:3000 https://login.microsoftonline.com https://login.live.com; upgrade-insecure-requests; block-all-mixed-content" />
  <!-- Additional security headers via meta tags -->
  <meta http-equiv="X-Content-Type-Options" content="nosniff" />
  <meta http-equiv="X-Frame-Options" content="DENY" />
  <meta http-equiv="X-XSS-Protection" content="1; mode=block" />
  <meta name="referrer" content="strict-origin-when-cross-origin" />
  <title>securis-web</title>
</head>

<body>
  <div id="app"></div>
  <script type="module" src="/src/main.ts"></script>
</body>

</html>