@@ -21,7 +21,7 @@ server {
2121 add_header X-Frame-Options "SAMEORIGIN" always;
2222 add_header X-Content-Type-Options "nosniff" always;
2323 add_header Referrer-Policy "strict-origin-when-cross-origin" always;
24- add_header Content-Security-Policy "default-src 'self'; script-src 'self' https://comments.getcmdr.com https://anal.veszelovszki.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self'; connect-src 'self' https://comments.getcmdr.com https://anal.veszelovszki.com; frame-src 'none'" always;
24+ add_header Content-Security-Policy "default-src 'self'; script-src 'self' https://comments.getcmdr.com https://anal.veszelovszki.com https://eu-assets.i.posthog.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self'; connect-src 'self' https://comments.getcmdr.com https://anal.veszelovszki.com https://eu.i.posthog .com; frame-src 'none'" always;
2525 }
2626
2727 # HTML files - always revalidate to pick up new asset hashes
@@ -30,7 +30,7 @@ server {
3030 add_header X-Frame-Options "SAMEORIGIN" always;
3131 add_header X-Content-Type-Options "nosniff" always;
3232 add_header Referrer-Policy "strict-origin-when-cross-origin" always;
33- add_header Content-Security-Policy "default-src 'self'; script-src 'self' https://comments.getcmdr.com https://anal.veszelovszki.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self'; connect-src 'self' https://comments.getcmdr.com https://anal.veszelovszki.com; frame-src 'none'" always;
33+ add_header Content-Security-Policy "default-src 'self'; script-src 'self' https://comments.getcmdr.com https://anal.veszelovszki.com https://eu-assets.i.posthog.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self'; connect-src 'self' https://comments.getcmdr.com https://anal.veszelovszki.com https://eu.i.posthog .com; frame-src 'none'" always;
3434 }
3535
3636 # JSON data files (like latest.json) - revalidate frequently
@@ -39,7 +39,7 @@ server {
3939 add_header X-Frame-Options "SAMEORIGIN" always;
4040 add_header X-Content-Type-Options "nosniff" always;
4141 add_header Referrer-Policy "strict-origin-when-cross-origin" always;
42- add_header Content-Security-Policy "default-src 'self'; script-src 'self' https://comments.getcmdr.com https://anal.veszelovszki.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self'; connect-src 'self' https://comments.getcmdr.com https://anal.veszelovszki.com; frame-src 'none'" always;
42+ add_header Content-Security-Policy "default-src 'self'; script-src 'self' https://comments.getcmdr.com https://anal.veszelovszki.com https://eu-assets.i.posthog.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self'; connect-src 'self' https://comments.getcmdr.com https://anal.veszelovszki.com https://eu.i.posthog .com; frame-src 'none'" always;
4343 }
4444
4545 # SPA fallback - serve index.html for all routes
@@ -48,7 +48,7 @@ server {
4848 add_header X-Frame-Options "SAMEORIGIN" always;
4949 add_header X-Content-Type-Options "nosniff" always;
5050 add_header Referrer-Policy "strict-origin-when-cross-origin" always;
51- add_header Content-Security-Policy "default-src 'self'; script-src 'self' https://comments.getcmdr.com https://anal.veszelovszki.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self'; connect-src 'self' https://comments.getcmdr.com https://anal.veszelovszki.com; frame-src 'none'" always;
51+ add_header Content-Security-Policy "default-src 'self'; script-src 'self' https://comments.getcmdr.com https://anal.veszelovszki.com https://eu-assets.i.posthog.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self'; connect-src 'self' https://comments.getcmdr.com https://anal.veszelovszki.com https://eu.i.posthog .com; frame-src 'none'" always;
5252 try_files $uri $uri / /index .html;
5353 }
5454}
0 commit comments