
more CSP defaults

rizen committed Sep 25, 2017
1 parent 677e373 commit c9d3babd13c2ffc492b6db0c64ad1afadd1bdf59
Showing with 2 additions and 2 deletions.
  1. +2 −2 var/init/etc/nginx.conf
@@ -7,11 +7,11 @@ events {
http {
server_tokens off;
#add_header Public-Key-Pins 'pin-sha256="CIraTM7sru3gSDLBgdfwm3ZD07RW9ier758xBXSHEs4="; max-age=2592000; includeSubDomains';
#add_header Public-Key-Pins 'pin-sha256="CIraTM7sru3gSDLBgdfwm3ZD07RW9ier758xBXSHEs4="; report-uri="https://yourdomain.com/_report-collector"; max-age=2592000; includeSubDomains';
add_header X-XSS-Protection 1;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
#add_header Content-Security-Policy-Report-Only "default-src 'self' 'unsafe-inline' *.algolia.net *.cloudfront.net; child-src *.stripe.com *.youtube.com youtu.be *.cloudfront.net; img-src * data:; media-src *; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com *.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com *.cloudfront.net *.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' maxcdn.bootstrapcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com js.stripe.com www.google-analytics.com *.googleapis.com *.cloudfront.net *.gstatic.com; font-src 'self' *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com; report-uri http://localhost/_report-collector";
#add_header Content-Security-Policy-Report-Only "default-src 'self' 'unsafe-inline' *.algolia.net *.cloudfront.net; child-src *.stripe.com *.youtube.com youtu.be *.cloudfront.net; img-src * data:; media-src *; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com *.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com *.cloudfront.net *.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' maxcdn.bootstrapcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com js.stripe.com www.google-analytics.com *.googleapis.com *.cloudfront.net *.gstatic.com; font-src 'self' *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com; report-uri http://yourdomain.com/_report-collector";
include mime.types;
default_type application/octet-stream;
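Review bot: The new CSP-Report-Only template (assuming the `yourdomain.com` variants are the added lines, since the rendered page drops the +/- markers) points `report-uri` at `http://yourdomain.com/_report-collector` over plain http, while the HPKP template on the line above uses `https://yourdomain.com/_report-collector`; violation reports carry the document URI, referrer and blocked URI, so the collector should be `https://` in both places. The Public-Key-Pins template still lists a single `pin-sha256` value; RFC 7469 requires at least one backup pin that is not in the served chain, so a browser would ignore the header as written once it is uncommented, and HPKP has since been deprecated by browsers anyway. Both directives are commented out in this hunk, so nothing changes at runtime yet, but a short comment above them such as `# template only: use https for report-uri and add a backup pin before enabling` would keep the next editor from enabling them as-is. The `http { ... }` block continues outside the hunk.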
