Tweak the CSP config in nginx template for domains (#456)

* Little correction for template conf for apps
* Move the default-src CSP thing to report-only for now
frju365 2018-05-01 23:44:23 +02:00 committed by Alexandre Aubin
parent b9330d7501
commit 90e093a482


@ -46,7 +46,8 @@ server {
# https://wiki.mozilla.org/Security/Guidelines/Web_Security
# https://observatory.mozilla.org/
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header Content-Security-Policy "upgrade-insecure-requests; object-src 'none'; script-src https: 'unsafe-eval'";
add_header Content-Security-Policy "upgrade-insecure-requests;"
add_header Content-Security-Policy-Report-Only "default-src https: data: 'unsafe-inline' 'unsafe-eval'";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Download-Options noopen;
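Review bot: The enforced header line `add_header Content-Security-Policy "upgrade-insecure-requests;"` has no terminating `;` after the closing quote, so nginx will parse the following `add_header Content-Security-Policy-Report-Only …` line as additional arguments of the same directive and refuse to load the configuration (an "invalid number of arguments in add_header directive" style error); this assumes that line is on the new side, since the +/- markers are lost in this rendering. The fix is `add_header Content-Security-Policy "upgrade-insecure-requests;";`. Note also that `object-src 'none'` from the old enforced header is not carried into either new header, and in the Report-Only policy `object-src` falls back to `default-src https: data: …`, so plugin/object loading is no longer restricted anywhere; if that is unintended, keeping `object-src 'none'` in the enforced header restores that control without touching script handling. The enclosing `server {` block starts and ends outside the hunk.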