From c8545b215aa01bbe403173a8f92fa09d1e789956 Mon Sep 17 00:00:00 2001
From: Jino Jose
Date: Tue, 30 Jun 2026 15:03:31 +0530
Subject: [PATCH] Fix nginx CSP header syntax
---
 ansible/roles/cezen-nginx/files/cezen.conf | 12 +-----------
 nginx/cezen.conf | 12 +-----------
 2 files changed, 2 insertions(+), 22 deletions(-)
diff --git a/ansible/roles/cezen-nginx/files/cezen.conf b/ansible/roles/cezen-nginx/files/cezen.conf
index 1bcb757..ddf0b20 100644
--- a/ansible/roles/cezen-nginx/files/cezen.conf
+++ b/ansible/roles/cezen-nginx/files/cezen.conf
@@ -32,17 +32,7 @@ server {
 add_header X-XSS-Protection "1; mode=block" always;
 add_header Referrer-Policy "strict-origin-when-cross-origin" always;
 add_header Permissions-Policy "geolocation=(), camera=(), microphone=()" always;
- add_header Content-Security-Policy
- "default-src 'self'; "
- "script-src 'self' 'unsafe-inline'; "
- "style-src 'self' 'unsafe-inline'; "
- "img-src 'self' data:; "
- "connect-src 'self'; "
- "frame-src 'self'; "
- "font-src 'self'; "
- "object-src 'none'; "
- "base-uri 'self';"
- always;
+ add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; frame-src 'self'; font-src 'self'; object-src 'none'; base-uri 'self';" always;
 # ─── robots.txt — block all indexing (air-gapped / private portal) ────────
 location = /robots.txt {
diff --git a/nginx/cezen.conf b/nginx/cezen.conf
index 1bcb757..ddf0b20 100644
--- a/nginx/cezen.conf
+++ b/nginx/cezen.conf
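Review bot: The single-line policy on the new `add_header Content-Security-Policy` line in `ansible/roles/cezen-nginx/files/cezen.conf` still carries `script-src 'self' 'unsafe-inline'`, which lets any injected inline script run, so the header gives little protection against XSS; if the portal's inline scripts can be moved into files or covered by hashes, that token should be dropped. The policy also omits `frame-ancestors` and `form-action`, which do not fall back to `default-src`; appending `frame-ancestors 'self'; form-action 'self';` before the closing quote would cover them (whether an `X-Frame-Options` header above the hunk already limits framing is not visible here). The identical hunk in `nginx/cezen.conf` needs the same change, and since both copies share the blob ids `1bcb757..ddf0b20`, generating one file from the other would keep the two policies from drifting apart. The `server` block starts and ends outside the hunk.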
@@ -32,17 +32,7 @@ server {
 add_header X-XSS-Protection "1; mode=block" always;
 add_header Referrer-Policy "strict-origin-when-cross-origin" always;
 add_header Permissions-Policy "geolocation=(), camera=(), microphone=()" always;
- add_header Content-Security-Policy
- "default-src 'self'; "
- "script-src 'self' 'unsafe-inline'; "
- "style-src 'self' 'unsafe-inline'; "
- "img-src 'self' data:; "
- "connect-src 'self'; "
- "frame-src 'self'; "
- "font-src 'self'; "
- "object-src 'none'; "
- "base-uri 'self';"
- always;
+ add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; frame-src 'self'; font-src 'self'; object-src 'none'; base-uri 'self';" always;
 # ─── robots.txt — block all indexing (air-gapped / private portal) ────────
 location = /robots.txt {