+ public static void addXSSHeaders(HttpServletResponse hsr) {
+ hsr.addHeader("Access-Control-Allow-Origin",
+ "http://cacert.org https://localhost");
+ hsr.addHeader("Access-Control-Max-Age", "60");
+ hsr.addHeader("Content-Security-Policy", "default-src 'self' https://"
+ + ServerConstants.getStaticHostNamePort()
+ + " https://www.cacert.org/*;frame-ancestors 'none'");
+ // ;report-uri https://felix.dogcraft.de/report.php