CSP reporting is unusable: browser extensions being blocked flood the most.
parent
e22ba8af0f
commit
767c8d3429
|
@ -51,11 +51,9 @@
|
|||
root /var/www/afpy.org/;
|
||||
include snippets/letsencrypt-afpy.org.conf;
|
||||
index index.html;
|
||||
add_header Reporting-Endpoints xmpp="https://http-to-xmpp.afpy.org";
|
||||
add_header Report-To '{"group": "xmpp", "max_age": 86400, "endpoints": [{"url": "https://http-to-xmpp.afpy.org"}]}';
|
||||
# font-src 'self' for afpy.org/admin/ which loads fonts like:
|
||||
# https://www.afpy.org/admin/static/bootstrap/bootstrap4/fonts/fontawesome-webfont.eot?#iefix&v=4.7.0
|
||||
add_header Content-Security-Policy "default-src 'none'; font-src 'self'; img-src 'self'; style-src 'self'; script-src 'self'; frame-ancestors 'self'; frame-src https://www.helloasso.com https://web.libera.chat; report-uri https://http-to-xmpp.afpy.org; report-to xmpp";
|
||||
add_header Content-Security-Policy "default-src 'none'; font-src 'self'; img-src 'self'; style-src 'self'; script-src 'self'; frame-ancestors 'self'; frame-src https://www.helloasso.com https://web.libera.chat;";
|
||||
add_header X-Content-Type-Options "nosniff";
|
||||
|
||||
location /discord
|
||||
|
|
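Review bot: The new `add_header Content-Security-Policy` line has no `always` parameter, so nginx attaches the policy only to a fixed set of success and redirect status codes, and error pages such as 404 or 500 are served without it; the same holds for the `X-Content-Type-Options` line below it. Ending the directive with `always`, as in `add_header Content-Security-Policy "default-src 'none'; …" always;`, would cover those responses too. Because `default-src` is not a fallback for `base-uri` or `form-action`, the policy leaves both unrestricted; appending `base-uri 'none'; form-action 'self'` would close that, assuming the site's forms only post to the same origin. The server block continues outside the hunk: if `location /discord` or any other location sets its own `add_header`, it will not inherit these server-level headers.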