doneit-web/web.config

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    
    <!-- Add MIME type for APK -->
    <staticContent>
      <mimeMap fileExtension=".apk" mimeType="application/vnd.android.package-archive" />
    </staticContent>

    <rewrite>
      <rules>
        <rule name="AngularRewrite" stopProcessing="true">
          <match url=".*" />
          <conditions logicalGrouping="MatchAll">
            <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
            <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
          </conditions>
          <action type="Rewrite" url="/" />
        </rule>
      </rules>
    </rewrite>

    <httpProtocol>
      <customHeaders>
        <!-- Iframe on the same host only -->
        <add name="Content-Security-Policy" value="frame-ancestors https://gdviewer-dev.dyndns.info/" />
        <!-- HTTPS on -->
        <add name="Strict-Transport-Security" value="max-age=31536000" />
        <add name="Referrer-Policy" value="no-referrer" />
        <add name="X-Content-Type-Options" value="nosniff" />
        <!-- Permissions -->
        <add name="Permissions-Policy" value="camera=(), microphone=*" />
        <!-- CORS and security -->
        <add name="Cross-Origin-Resource-Policy" value="cross-origin" />
        <add name="Cross-Origin-Opener-Policy" value="require-corp" />
        <add name="Access-Control-Allow-Origin" value="*" />
      </customHeaders>
    </httpProtocol>

  </system.webServer>
</configuration>