Merge pull request #5238 from Budibase/fix/csp-test
fix CSP variables
pull/5250/head
Martin McKeaveney
4 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with
2 additions and
2 deletions
-
hosting/nginx.prod.conf.hbs
|
|
|
@ -43,7 +43,7 @@ http { |
|
|
|
ignore_invalid_headers off; |
|
|
|
proxy_buffering off; |
|
|
|
|
|
|
|
set $csp_default "default-src 'self'" |
|
|
|
set $csp_default "default-src 'self'"; |
|
|
|
set $csp_script "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.budi.live https://js.intercomcdn.com https://widget.intercom.io"; |
|
|
|
set $csp_style "style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://rsms.me https://maxcdn.bootstrapcdn.com"; |
|
|
|
set $csp_object "object-src 'none'"; |
|
|
|
@ -60,7 +60,7 @@ http { |
|
|
|
add_header X-Frame-Options SAMEORIGIN always; |
|
|
|
add_header X-Content-Type-Options nosniff always; |
|
|
|
add_header X-XSS-Protection "1; mode=block" always; |
|
|
|
add_header Content-Security-Policy ${csp_default}; ${csp_script}; ${csp_style}; ${csp_object}; ${csp_base_uri}; ${csp_connect}; ${csp_font}; ${csp_frame}; ${csp_img}; ${csp_manifest}; ${csp_media}; ${csp_worker};" always; |
|
|
|
add_header Content-Security-Policy "${csp_default}; ${csp_script}; ${csp_style}; ${csp_object}; ${csp_base_uri}; ${csp_connect}; ${csp_font}; ${csp_frame}; ${csp_img}; ${csp_manifest}; ${csp_media}; ${csp_worker};" always; |
|
|
|
|
|
|
|
# upstreams |
|
|
|
set $apps {{ apps }}; |
|
|
|
|
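Review bot: Both lines repaired here were plain syntax errors (a missing `;` after `set $csp_default` and a missing opening quote on the `Content-Security-Policy` value), and nothing visible in this change guards against a repeat; rendering the template with sample values and running `nginx -t -c <rendered file>` in CI would catch this class of mistake before deployment. The repaired `add_header Content-Security-Policy` line sits at `http` level, and nginx passes `add_header` directives down to a `server` or `location` block only when that block declares none of its own, so any inner block that sets a header would answer without the CSP; the rest of the `http` block lies outside this hunk, so that needs checking there. I would add a comment above the line, `# add_header is not inherited by blocks that declare their own add_header; repeat the security headers there`. Separately, `$csp_script` in the first hunk's context still allows `'unsafe-inline'` and `'unsafe-eval'`, which leaves the policy with little effect against injected script; that is pre-existing and untouched by this commit, but worth a follow-up to move to nonces or hashes.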