From 4ac07de3ad368903ebde273faec42a92b3e44b00 Mon Sep 17 00:00:00 2001 From: Thomas DA ROCHA Date: Tue, 22 Aug 2023 14:23:23 +0200 Subject: [PATCH] fix: Content-Security-Policy --- nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx.conf b/nginx.conf index 9d82d52..befbe03 100644 --- a/nginx.conf +++ b/nginx.conf @@ -10,7 +10,7 @@ server { charset utf-8; charset_types text/css application/javascript; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; - add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' 'unsafe-eval' lenra.io *.lenra.io https://www.gstatic.com/flutter-canvaskit/ wss://*.lenra.io; font-src https://fonts.gstatic.com/; object-src 'none'; base-uri 'self';"; + add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' 'unsafe-eval' lenra.io *.lenra.io https://www.gstatic.com/flutter-canvaskit/ https://fonts.gstatic.com/ wss://*.lenra.io; object-src 'none'; base-uri 'self';"; add_header Vary "Accept-Encoding"; add_header X-Content-Type-Options "nosniff"; add_header X-Frame-Options "DENY";