Linha RM

Atalhos

Páginas filhas
  • Recomendações de segurança PEP RM

Versões comparadas

Versão antiga 9

changes.mady.by.user Rafael Brito Dantas

Gravado em

comparado com

Nova versão Atual

changes.mady.by.user Rafael Brito Dantas

Gravado em

Chave

  • Esta linha foi adicionada.
  • Esta linha foi removida.
  • A formatação mudou.

...

Para realizar as configurações abaixo será necessário acessar o arquivo web.config da pasta FrameHTML. da pasta do pep em FrameHTML

O trecho de código abaixo deve ser incluído no nó <system.webServer>

...

Bloco de código
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <appSettings>
        <add key="StackTraceVisible" value="false" />
    </appSettings>
    <system.web> 
        <compilation debug="falsetrue" />
    </system.web>
    <system.webServer>
        <httpProtocol>
            <customHeaders> 
				<remove name="Content-Security-Policy" />
                <add 
                name="Content-Security-Policy"
                    value="default-src 'self' http://*.rm.cloudtotvs.com.br https://*.rm.cloudtotvs.com.br; 
						
                       script-src 'self' https://www.googletagmanager.com https://*.memed.com.br https://cdn.rudderlabs.com https://static.hotjar.com https://script.hotjar.com 'sha256-udd7tgqqiuE63xVVImVw4X2698oKyeOHMxP6WdpSz9g=' https://static.cloudflareinsights.com; 
						
                       style-src 'self' 'unsafe-inline'; 
						
                       object-src 'none'; 
						
                       base-uri 'self'; 
						
                       connect-src data: 'self' httpwss://{HOST_API_URL} ws://{HOST_API_URL}; 
						font-src 'self'; 
						frame-src 'self'; 
						img-src 'self' data:ws.hotjar.com https://content.hotjar.io https://vc.hotjar.io https://metrics.hotjar.io ws://*.rm.cloudtotvs.com.br:8051 wss://*.rm.cloudtotvs.com.br:8051 https://*.rm.cloudtotvs.com.br:8051 http://*.rm.cloudtotvs.com.br:8051 https://api.tiles.mapboxrudderlabs.com https://c*.tilememed.openstreetmapcom.orgbr https://a.tile.openstreetmapipv4.icanhazip.com https://api.ipify.org https://b*.tiletotvs.openstreetmap.orgio https://apidtavoiceapi.qrserverazurewebsites.comnet https://chartvoice.dta.googleapistotvs.com; 
						manifestio;
                       font-src 'self'; 
						media
                       frame-src 'self'; 
						report-uri https://integrations.memed.com.br https://676eff58cfdd640ab319c568.endpoint.csper.io?builder=true&v=5; 
						workertotvs.daily.co https://www.googletagmanager.com;
                       img-src 'none';" />
self' data: https://cdn.jsdelivr.net;
                   <add name="X-Content-Type-Options" value="nosniff" />
    manifest-src 'self';
                      <add name="X-Xss-Protection" value="1; mode=block" />
media-src 'self';
                       worker-src 'none';" />
				<add name="XPermissions-Frame-OptionsPolicy" value='camera="SAMEORIGIN" />
                (self "https://totvs.daily.co"), microphone=(self "https://totvs.daily.co"), geolocation=(self), fullscreen=(self)' />
				<add name="Access-Control-Allow-Origin" value="https://*.rm.cloudtotvs.com.br" />
				<add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
				<add name="CacheAccess-Control-Allow-Headers" value="no-storeContent-Type, Authorization" />
                <remove name="X-Powered-By" />
            </customHeaders>
  			      </httpProtocol>
        <security>
            <requestFiltering removeServerHeader="true">
                <verbs>
                    <add verb="TRACE" allowed="false" />
                </verbs>
            </requestFiltering>
        </security>
    </system.webServer>
    <system.web>
        <httpRuntime enableVersionHeader="false" />
        <pages viewStateEncryptionMode="Always" />
    </system.web>
</configuration>

...