diff --git a/conf/nginx.conf b/conf/nginx.conf index 15ff97a..c34a6a9 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -7,11 +7,6 @@ client_max_body_size 100M; charset utf-8; - # headers - more_set_headers Content-Security-Policy "default-src 'self'; connect-src https: wss: http: ws: 'self' 'unsafe-eval'; script-src 'self' 'wasm-unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; media-src https: http: 'self' data:; object-src 'none'"; - more_set_headers Referrer-Policy "strict-origin-when-cross-origin"; - more_set_headers X-Frame-Options "SAMEORIGIN" always; - location /api/ { include /etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf; # This is needed if you have file import via upload enabled. @@ -47,7 +42,7 @@ try_files $uri $uri/ /index.html; } - location ~ "/(front/)?embed.html/" { + location ~ "/(front/)?embed.html" { alias __INSTALL_DIR__/front/dist/;embed.html; more_set_headers Content-Security-Policy "connect-src https: http: 'self'; default-src 'self'; script-src 'self' unpkg.com 'unsafe-inline' 'unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; object-src 'none'; media-src https: http: 'self' data:"; more_set_headers Referrer-Policy "strict-origin-when-cross-origin";