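--- a/<FILE-PATH-NOT-SHOWN>
+++ b/<FILE-PATH-NOT-SHOWN>
@@ -214,8 +214,8 @@ http {
 set $csp_policy "";
 set $csp_policy_report "";
 if ($http_x_forwarded_proto = "https") {
-set $csp_policy "upgrade-insecure-requests; frame-ancestors 'none'; default-src https:";
-set $csp_policy_report "default-src https:; report-uri https://<%= primary_host %> /_csp";
+set $csp_policy "upgrade-insecure-requests; frame-ancestors 'none'; script-src 'unsafe-inline'; script-src 'unsafe-eval'; style-src 'unsafe-inline'; default-src https:";
+set $csp_policy_report "default-src https:; script-src 'unsafe-inline'; report-uri https://<%= primary_host %> /_csp";
 }
 add_header X-Content-Type-Options "nosniff";
 add_header Content-Security-Policy "$csp_policy";
@@ -503,8 +503,8 @@ http {
 set $csp_policy "";
 set $csp_policy_report "";
 if ($http_x_forwarded_proto = "https") {
-set $csp_policy "frame-ancestors 'none'; default-src https:";
-set $csp_policy_report "default-src https:; report-uri https://<%= primary_host %> /_csp";
+set $csp_policy "upgrade-insecure-requests; frame-ancestors 'none'; script-src 'unsafe-inline'; script-src 'unsafe-eval'; style-src 'unsafe-inline '; default-src https:";
+set $csp_policy_report "default-src https:; script-src 'unsafe-inline'; report-uri https://<%= primary_host %> /_csp";
 }
 add_header X-Content-Type-Options "nosniff";
 add_header Strict-Transport-Security "max-age=31536000";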
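Review bot: The new `$csp_policy` value in both hunks (the first `+` line of each) repeats the `script-src` directive, and a CSP user agent honours only the first occurrence of a directive, so `script-src 'unsafe-eval'` is silently ignored and `script-src 'unsafe-inline'` with no host source also stops falling back to `default-src https:`, blocking every external script. In the second hunk the value `'unsafe-inline '` (trailing space inside the quotes) is not a recognised keyword, so `style-src` there has no valid source and blocks all stylesheets. If inline script and eval are genuinely required, fold them into one directive with the host source, e.g. `set $csp_policy "upgrade-insecure-requests; frame-ancestors 'none'; default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'";`, and apply the same shape to the `$csp_policy_report` line; a nonce- or hash-based `script-src` would keep the XSS mitigation that `'unsafe-inline'` removes. The enclosing `server`/`location` block starts and ends outside the hunk.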