Linha RM

Atalhos

Páginas filhas
  • Recomendações de segurança PEP RM

Versões comparadas

Versão antiga 14

changes.mady.by.user Rafael Brito Dantas

Gravado em

comparado com

Nova versão Atual

changes.mady.by.user Rafael Brito Dantas

Gravado em

Chave

  • Esta linha foi adicionada.
  • Esta linha foi removida.
  • A formatação mudou.

...

Bloco de código
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <appSettings>
        <add key="StackTraceVisible" value="false" />
    </appSettings>
    <system.web> 
        <compilation debug="falsetrue" />
    </system.web>
    <system.webServer>
        <httpProtocol>
            <customHeaders> 
				<remove name="Content-Security-Policy" />
                <add 
                name="Content-Security-Policy"
                    value="default-src 'self' http://*.rm.cloudtotvs.com.br https://*.rm.cloudtotvs.com.br;
                       script-src 'self' https://www.googletagmanager.com https://integrations*.memed.com.br https://cdn.memed.com.br.rudderlabs.com https://static.hotjar.com https://script.hotjar.com 'sha256-udd7tgqqiuE63xVVImVw4X2698oKyeOHMxP6WdpSz9g=' https://cdnstatic.rudderlabscloudflareinsights.com;
                       style-src 'self' 'unsafe-inline';
                       object-src 'none';
                       base-uri 'self';
                       connect-src data: 'self' http://localhost:8051 ws://localhost wss://ws.hotjar.com https://content.hotjar.io https://vc.hotjar.io https://metrics.hotjar.io ws://*.rm.cloudtotvs.com.br:8051 wss://*.rm.cloudtotvs.com.br:8051 https://*.rm.cloudtotvs.com.br:8051 http://*.rm.cloudtotvs.com.br:8051 https://api.rudderlabs.com https://*.memed.com.br https://ipv4.icanhazip.com https://api.ipify.org ; font-src 'self';frame-src 'self' https://*.totvs.io https://dtavoiceapi.azurewebsites.net https://integrationsvoice.memeddta.comtotvs.brio;
 img-src 'self' data:;manifest-src 'self';media-src 'self';worker-src 'none';" />
                <add name="X-Content-Type-Options" value="nosniff" />font-src 'self';
                <add name="X-Xss-Protection" value="1; mode=block" />
   frame-src 'self' https://integrations.memed.com.br https://totvs.daily.co https://www.googletagmanager.com;
         <add name="X-Frame-Options" value="SAMEORIGIN" />
           img-src 'self'    <add name="Cache-Control" value="no-store" />data: https://cdn.jsdelivr.net;
                <add name="Strict-Transport-Security"
      manifest-src 'self';
             value="max-age=31536000; includeSubDomains; preload" />
       media-src 'self';
        <add name="Permissions-Policy"
              worker-src 'none';"    />
				<add name="Permissions-Policy" value="'camera=(self "https://totvs.daily.co"), microphone=(self "https://totvs.daily.co"), geolocation=(self), fullscreen=(self)"' />
                				<add name="Referrer-PolicyAccess-Control-Allow-Origin" value="no-referrer-when-downgradehttps://*.rm.cloudtotvs.com.br" />
                				<add name="CrossAccess-OriginControl-EmbedderAllow-PolicyMethods" value="same-origin" />
                <add name="Cross-Origin-Resource-Policy" value="same-origin" />
                GET, POST, PUT, DELETE, OPTIONS" />
				<add name="CrossAccess-OriginControl-OpenerAllow-PolicyHeaders" value="same-originContent-Type, Authorization" />
                <remove name="X-Powered-By" />
            </customHeaders>
  			      </httpProtocol>
        <security>
            <requestFiltering removeServerHeader="true">
                <verbs>
                    <add verb="TRACE" allowed="false" />
                </verbs>
            </requestFiltering>
        </security>
    </system.webServer>
    <system.web>
        <httpRuntime enableVersionHeader="false" />
        <pages viewStateEncryptionMode="Always" />
    </system.web>
</configuration>

...