Fix CSP header

2022-09-05 14:52:48 +00:00 · 2022-09-05 14:52:48 +00:00 · ad2e04469a
parent fb4f94fb73
commit ad2e04469a
1 changed files with 2 additions and 2 deletions
--- a/docker/nginx/conf.dev
+++ b/docker/nginx/conf.dev
@ -69,12 +69,12 @@ http {
            text/x-component
            text/x-cross-domain-policy;

-        add_header Content-Security-Policy "connect-src https: wss: 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";
+        add_header Content-Security-Policy "connect-src https: wss: 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";
        add_header Referrer-Policy "strict-origin-when-cross-origin";
        add_header X-Frame-Options "SAMEORIGIN" always;

        location /front/ {
-            add_header Content-Security-Policy "connect-src https: wss: 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";
+            add_header Content-Security-Policy "connect-src https: wss: 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";
            add_header Referrer-Policy "strict-origin-when-cross-origin";
            add_header Service-Worker-Allowed "/";
            # uncomment the following line and comment the proxy-pass one