Fix nginx CSP header syntax

This commit is contained in:
Jino Jose 2026-06-30 15:03:31 +05:30
parent 420f02d3af
commit c8545b215a
2 changed files with 2 additions and 22 deletions

View File

@ -32,17 +32,7 @@ server {
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Permissions-Policy "geolocation=(), camera=(), microphone=()" always;
add_header Content-Security-Policy
"default-src 'self'; "
"script-src 'self' 'unsafe-inline'; "
"style-src 'self' 'unsafe-inline'; "
"img-src 'self' data:; "
"connect-src 'self'; "
"frame-src 'self'; "
"font-src 'self'; "
"object-src 'none'; "
"base-uri 'self';"
always;
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; frame-src 'self'; font-src 'self'; object-src 'none'; base-uri 'self';" always;
# ─── robots.txt — block all indexing (air-gapped / private portal) ────────
location = /robots.txt {

View File

@ -32,17 +32,7 @@ server {
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Permissions-Policy "geolocation=(), camera=(), microphone=()" always;
add_header Content-Security-Policy
"default-src 'self'; "
"script-src 'self' 'unsafe-inline'; "
"style-src 'self' 'unsafe-inline'; "
"img-src 'self' data:; "
"connect-src 'self'; "
"frame-src 'self'; "
"font-src 'self'; "
"object-src 'none'; "
"base-uri 'self';"
always;
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; frame-src 'self'; font-src 'self'; object-src 'none'; base-uri 'self';" always;
# ─── robots.txt — block all indexing (air-gapped / private portal) ────────
location = /robots.txt {