From 8a29c1db52736c599aea04782e48346741b06ae5 Mon Sep 17 00:00:00 2001
From: frju365 <win10@tutanota.com>
Date: Sat, 25 Aug 2018 00:26:40 +0200
Subject: [PATCH] [mod] Add CSP for security

---
 conf/nginx.conf | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/conf/nginx.conf b/conf/nginx.conf
index 585109e..eb823e7 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -1,6 +1,9 @@
 # upload max size
 client_max_body_size 100M;
 
+# Content Security Policy : security to avoid launching unsecure script
+add_header Content-Security-Policy "default-src 'none'; font-src 'self'; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self'; img-src 'self' blob: data:; connect-src 'self' wss://$domain;";
+
 # add to v1.4 assets
 root __FINALPATH__/live/public;