26 lines
1.6 KiB
HTML
26 lines
1.6 KiB
HTML
<!doctype html>
|
|
<html lang="en">
|
|
<head>
|
|
<meta charset="UTF-8" />
|
|
<link rel="icon" type="image/svg+xml" href="/vite.svg" />
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
|
|
|
<!-- Security Headers (Defense in Depth - Backend should also set HTTP headers) -->
|
|
<!-- Note: connect-src includes localhost:8000 (API), localhost:8334 (MinIO/S3 dev), and production S3 endpoints -->
|
|
<!-- Note: frame-ancestors and X-Frame-Options must be set via HTTP headers, not meta tags -->
|
|
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self' http://localhost:8000 http://localhost:8334 https://*.digitaloceanspaces.com https://*.amazonaws.com ws://localhost:*; base-uri 'self'; form-action 'self';">
|
|
<meta http-equiv="X-Content-Type-Options" content="nosniff">
|
|
<meta name="referrer" content="strict-origin-when-cross-origin">
|
|
<meta http-equiv="Permissions-Policy" content="geolocation=(), microphone=(), camera=()">
|
|
|
|
<!-- SEO and Social Meta Tags -->
|
|
<meta name="description" content="MapleFile - Secure End-to-End Encrypted File Storage">
|
|
<meta name="theme-color" content="#1e40af">
|
|
|
|
<title>MapleFile - Secure File Storage</title>
|
|
</head>
|
|
<body>
|
|
<div id="root"></div>
|
|
<script type="module" src="/src/main.jsx"></script>
|
|
</body>
|
|
</html>
|