forked from AFPy/infra
CSPs
This commit is contained in:
parent
24a55603cb
commit
0daf51953a
|
@ -130,6 +130,10 @@
|
|||
include snippets/letsencrypt-git.afpy.org.conf;
|
||||
client_max_body_size 16M;
|
||||
|
||||
add_header Content-Security-Policy-Report-Only "default-src 'self'; connect-src 'self'; font-src 'self' data:; form-action 'self'; img-src 'self' https: data:; manifest-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; worker-src 'self'";
|
||||
# See add_header Content-Security-Policy-Report-Only "
|
||||
add_header X-Content-Type-Options "nosniff";
|
||||
|
||||
# location /_/static/assets/ {
|
||||
# alias /var/lib/gitea-static/public/;
|
||||
# }
|
||||
|
|
Loading…
Reference in New Issue