@@ -214,8 +214,8 @@ http {
214214 set $csp_policy "";
215215 set $csp_policy_report "";
216216 if ($http_x_forwarded_proto = "https") {
217- set $csp_policy "upgrade-insecure-requests; frame-ancestors 'none'; script-src 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline'; default-src https:";
218- set $csp_policy_report "default-src https:; script-src 'unsafe-inline'; report-uri https://<%= primary_host %> /_csp";
217+ set $csp_policy "upgrade-insecure-requests; frame-ancestors 'none'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; default-src https:";
218+ set $csp_policy_report "default-src https:; script-src https: 'unsafe-inline'; report-uri https://<%= primary_host %> /_csp";
219219 }
220220 add_header X-Content-Type-Options "nosniff";
221221 add_header Content-Security-Policy "$csp_policy";
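Review bot: The `https:` scheme source added to `script-src` on line 217 (and again on lines 506 and 520) allows script loads from any HTTPS origin. Together with the existing `'unsafe-inline'` and `'unsafe-eval'`, the enforced policy then does little beyond blocking non-HTTPS sources. If the goal is only to let the archived sites load their external assets, the report-only policy on line 218 is the safer place to trial a host allowlist before narrowing the enforced one. At minimum, record the trade-off next to the directive, e.g. `# https: allows any HTTPS origin; narrow to known hosts once /_csp reports are reviewed`. The enclosing `http` block continues outside the hunk.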
@@ -503,8 +503,8 @@ http {
503503 set $csp_policy "";
504504 set $csp_policy_report "";
505505 if ($http_x_forwarded_proto = "https") {
506- set $csp_policy "frame-ancestors 'none'; script-src 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline'; default-src https:";
507- set $csp_policy_report "default-src https:; script-src 'unsafe-inline'; report-uri https://<%= primary_host %> /_csp";
506+ set $csp_policy "frame-ancestors 'none'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; default-src https:";
507+ set $csp_policy_report "default-src https:; script-src https: 'unsafe-inline'; report-uri https://<%= primary_host %> /_csp";
508508 }
509509 add_header X-Content-Type-Options "nosniff";
510510 add_header Strict-Transport-Security "max-age=31536000";
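Review bot: The enforced policy string is now maintained in three places (lines 217, 506 and 520), and line 506 differs from the other two only by omitting `upgrade-insecure-requests`, so a future tightening can easily miss one copy. Since the file is already an ERB template, the shared part could be defined once, e.g. `<% csp_base = "frame-ancestors 'none'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; default-src https:" %>`, and referenced as `set $csp_policy "<%= csp_base %>";`. If line 506 omits `upgrade-insecure-requests` on purpose, a short comment there should say why.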
@@ -517,7 +517,7 @@ http {
517517 proxy_hide_header Cache-Control;
518518 proxy_hide_header Expires;
519519 # 2015 sites and prior had mixed content issues
520- set $csp_policy "upgrade-insecure-requests; frame-ancestors 'none'; script-src 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline'; default-src https:";
520+ set $csp_policy "upgrade-insecure-requests; frame-ancestors 'none'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; default-src https:";
521521 add_header Cache-Control "public, max-age=604800, s-maxage=31536000";
522522 proxy_pass https://2009-2011.rubykaigi.org;
523523 }
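Review bot: The `$csp_policy` set on line 520 only reaches clients if this location has its own `add_header Content-Security-Policy`, and the hunk does not show one. nginx inherits `add_header` directives from the enclosing level only when the current level defines none, and line 521 defines `add_header Cache-Control` here. Unless the CSP, `X-Content-Type-Options` and `Strict-Transport-Security` headers are repeated in the part of the location above line 517 (outside the hunk), responses proxied to 2009-2011.rubykaigi.org would go out without them. Please confirm, and consider a comment such as `# add_header here disables inheritance; security headers must be repeated in this block`.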