play.filters.hosts {
  allowed = ["."]
}

play.filters.enabled += play.filters.headers.SecurityHeadersFilter

play.filters.headers {
  contentSecurityPolicy = "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' https://jevalide.ca"
}

play.filters.enabled += "play.filters.cors.CORSFilter"
play.filters.cors {
  allowedOrigins = null  // Allow all origins
  allowedHttpMethods = ["GET", "POST", "PUT", "DELETE", "OPTIONS"]
  allowedHttpHeaders = ["Accept", "Content-Type"]
}