fix(security): add Permissions-Policy and DNS-Prefetch-Control headers

Add missing security headers recommended by securityheaders.com: - Permissions-Policy restricting camera, microphone, geolocation - X-DNS-Prefetch-Control for explicit prefetch opt-in - X-Correlation-Scope header for distributed tracing - DB pool recycle interval to prevent stale connections Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 13:15:53 -05:00
parent df600452e7
commit fb0ee36996
4 changed files with 6 additions and 0 deletions
--- a/frontend/index.html
+++ b/frontend/index.html
@@ -4,6 +4,8 @@
    <meta charset="UTF-8" />
    <link rel="icon" type="image/svg+xml" href="/favicon.svg" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <meta name="color-scheme" content="dark light" />
+    <link rel="dns-prefetch" href="//api" />
    <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self'; connect-src 'self' wss: ws:; frame-ancestors 'none'; base-uri 'self'; form-action 'self'">
    <title>TOD - The Other Dude</title>
  </head>