From c0c026613f18de3741d091581ac700e83d026ef1 Mon Sep 17 00:00:00 2001
From: Alexandre Aubin
Date: Mon, 27 Apr 2020 02:15:14 +0200
Subject: [PATCH] Add wss: to default to get rid of angry CSP on webadmin
---
 data/templates/nginx/security.conf.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/data/templates/nginx/security.conf.inc b/data/templates/nginx/security.conf.inc
index ff3d2ee99..0a8bd90b6 100644
--- a/data/templates/nginx/security.conf.inc
+++ b/data/templates/nginx/security.conf.inc
@@ -22,7 +22,7 @@ ssl_prefer_server_ciphers off;
 # https://wiki.mozilla.org/Security/Guidelines/Web_Security
 # https://observatory.mozilla.org/
 more_set_headers "Content-Security-Policy : upgrade-insecure-requests";
-more_set_headers "Content-Security-Policy-Report-Only : default-src https: data: 'unsafe-inline' 'unsafe-eval'";
+more_set_headers "Content-Security-Policy-Report-Only : default-src https: data: wss: 'unsafe-inline' 'unsafe-eval' ";
 more_set_headers "X-Content-Type-Options : nosniff";
 more_set_headers "X-XSS-Protection : 1; mode=block";
 more_set_headers "X-Download-Options : noopen";
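Review bot: On the changed `Content-Security-Policy-Report-Only` line, `wss:` is added to `default-src` as a bare scheme, so the policy accepts WebSocket connections to any host and the allowance sits in the fallback for every fetch directive rather than in `connect-src`, the directive that governs WebSockets. A dedicated directive (for example `connect-src https: wss:`, carrying over whatever schemes XHR/fetch still need) would state the intent and keep the exception visible if this policy is ever promoted from report-only to enforced. The header is report-only and no reporting directive is visible in the hunk, so the change affects only what browsers log, not what they block. A comment above the line such as `# wss: is needed for the webadmin's WebSocket connections` would record why the scheme is there (inferred from the commit subject). The new value also picks up a stray space before the closing quote (`'unsafe-eval' "`), which is harmless but can be dropped.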