diff options
author | Marcello Stanisci <stanisci.m@gmail.com> | 2019-02-22 19:06:23 +0100 |
---|---|---|
committer | Marcello Stanisci <stanisci.m@gmail.com> | 2019-02-22 19:06:23 +0100 |
commit | 6aed63598ba221ad7b2e0c80361263e590caf249 (patch) | |
tree | 2cf67fadd6c94c7ec8b2d093ef5478ae2811d736 | |
parent | 8dad02d7158f3d2b3f8cee17825effd6bf37ddbc (diff) | |
download | deployment-6aed63598ba221ad7b2e0c80361263e590caf249.tar.gz deployment-6aed63598ba221ad7b2e0c80361263e590caf249.tar.bz2 deployment-6aed63598ba221ad7b2e0c80361263e590caf249.zip |
CSP.
Enabling taler.net as 'default-src' because of
'glyphicons' loading.
-rw-r--r-- | etc/nginx/conf.d/talerssl | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/etc/nginx/conf.d/talerssl b/etc/nginx/conf.d/talerssl index 4a932f8..742c9ab 100644 --- a/etc/nginx/conf.d/talerssl +++ b/etc/nginx/conf.d/talerssl @@ -10,5 +10,5 @@ add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; prelo add_header X-XSS-Protection "1; mode=block"; add_header X-Frame-Options "SAMEORIGIN"; add_header X-Content-Type-Options "nosniff"; -add_header Content-Security-Policy "default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.taler.net/dist/js/; style-src 'self' 'unsafe-inline' https://www.taler.net/dist/css/; connect-src 'self' wss://buildbot.taler.net"; +add_header Content-Security-Policy "default-src 'self' https://www.taler.net/dist/; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss://buildbot.taler.net"; add_header Referrer-Policy "same-origin"; |