Fix nginx CSP header syntax
This commit is contained in:
parent
420f02d3af
commit
c8545b215a
@ -32,17 +32,7 @@ server {
|
|||||||
add_header X-XSS-Protection "1; mode=block" always;
|
add_header X-XSS-Protection "1; mode=block" always;
|
||||||
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
||||||
add_header Permissions-Policy "geolocation=(), camera=(), microphone=()" always;
|
add_header Permissions-Policy "geolocation=(), camera=(), microphone=()" always;
|
||||||
add_header Content-Security-Policy
|
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; frame-src 'self'; font-src 'self'; object-src 'none'; base-uri 'self';" always;
|
||||||
"default-src 'self'; "
|
|
||||||
"script-src 'self' 'unsafe-inline'; "
|
|
||||||
"style-src 'self' 'unsafe-inline'; "
|
|
||||||
"img-src 'self' data:; "
|
|
||||||
"connect-src 'self'; "
|
|
||||||
"frame-src 'self'; "
|
|
||||||
"font-src 'self'; "
|
|
||||||
"object-src 'none'; "
|
|
||||||
"base-uri 'self';"
|
|
||||||
always;
|
|
||||||
|
|
||||||
# ─── robots.txt — block all indexing (air-gapped / private portal) ────────
|
# ─── robots.txt — block all indexing (air-gapped / private portal) ────────
|
||||||
location = /robots.txt {
|
location = /robots.txt {
|
||||||
|
|||||||
@ -32,17 +32,7 @@ server {
|
|||||||
add_header X-XSS-Protection "1; mode=block" always;
|
add_header X-XSS-Protection "1; mode=block" always;
|
||||||
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
||||||
add_header Permissions-Policy "geolocation=(), camera=(), microphone=()" always;
|
add_header Permissions-Policy "geolocation=(), camera=(), microphone=()" always;
|
||||||
add_header Content-Security-Policy
|
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; frame-src 'self'; font-src 'self'; object-src 'none'; base-uri 'self';" always;
|
||||||
"default-src 'self'; "
|
|
||||||
"script-src 'self' 'unsafe-inline'; "
|
|
||||||
"style-src 'self' 'unsafe-inline'; "
|
|
||||||
"img-src 'self' data:; "
|
|
||||||
"connect-src 'self'; "
|
|
||||||
"frame-src 'self'; "
|
|
||||||
"font-src 'self'; "
|
|
||||||
"object-src 'none'; "
|
|
||||||
"base-uri 'self';"
|
|
||||||
always;
|
|
||||||
|
|
||||||
# ─── robots.txt — block all indexing (air-gapped / private portal) ────────
|
# ─── robots.txt — block all indexing (air-gapped / private portal) ────────
|
||||||
location = /robots.txt {
|
location = /robots.txt {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user