aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJulien Dessaux2023-10-01 22:43:00 +0200
committerJulien Dessaux2023-09-30 23:29:19 +0200
commit8d25e818d644091cafff16ec2d98b0adf442cb15 (patch)
treea430214f93ec0c5b59484b77f6448831ece8265d
parentAdded nixos getting started blog article (diff)
downloadwww-8d25e818d644091cafff16ec2d98b0adf442cb15.tar.gz
www-8d25e818d644091cafff16ec2d98b0adf442cb15.tar.bz2
www-8d25e818d644091cafff16ec2d98b0adf442cb15.zip
Fixed CSP
-rw-r--r--deploy/headers_secure.conf2
1 files changed, 1 insertions, 1 deletions
diff --git a/deploy/headers_secure.conf b/deploy/headers_secure.conf
index 71b52e1..6dfc381 100644
--- a/deploy/headers_secure.conf
+++ b/deploy/headers_secure.conf
@@ -4,7 +4,7 @@ add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options nosniff;
add_header Referrer-Policy strict-origin;
add_header Cache-Control no-transform;
-add_header Content-Security-Policy "script-src 'self'";
+add_header Content-Security-Policy "script-src 'unsafe-inline'";
add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()";
# 6 months HSTS pinning
add_header Strict-Transport-Security max-age=16000000;