Marmelator/red-ui
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1.4k Wiki Activity

RED-8128 add frame ancestors CSP

Browse Source
This commit is contained in:
Dan Percic 2024-01-15 20:10:57 +02:00
parent c70d8d75c0
commit 0bb0d2591f
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
docker/common/nginx/nginx.conf
View File

@ -6,7 +6,7 @@ server {
root /usr/share/nginx/html;
# SSL stuff for cloudflare proxy-ing - ignores SSL certificate and uses SNI
add_header Content-Security-Policy "default-src 'self'; script-src 'self' blob: data: 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' data: blob: 'unsafe-inline'; script-src-attr 'self' data:; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:";
add_header Content-Security-Policy "frame-ancestors 'self'; default-src 'self'; script-src 'self' blob: data: 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' data: blob: 'unsafe-inline'; script-src-attr 'self' data:; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:";
proxy_ssl_verify off;
proxy_read_timeout 1m;
@ -32,4 +32,3 @@ server {
gzip_types application/javascript text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
}