Skip to content
Snippets Groups Projects
Commit 1f3239f0 authored by Georg Krause's avatar Georg Krause
Browse files

Add Worker-Src to CSP-Header of nginx config, #1489

parent b5fca7c1
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
changes/changelog.d/1489.bugfix 0 → 100644
+ 1
0
View file @ 1f3239f0
Add worker-src to nginx header to prevent issues (#1489)
deploy/nginx.template
+ 3
3
View file @ 1f3239f0
...@@ -44,7 +44,7 @@ server { ...@@ -44,7 +44,7 @@ server {
# If you are using S3 to host your files, remember to add your S3 URL to the # If you are using S3 to host your files, remember to add your S3 URL to the
# media-src and img-src headers (e.g. img-src 'self' https://<your-S3-URL> data:) # media-src and img-src headers (e.g. img-src 'self' https://<your-S3-URL> data:)
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:"; add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:; worker-src 'self'";
add_header Referrer-Policy "strict-origin-when-cross-origin"; add_header Referrer-Policy "strict-origin-when-cross-origin";
root ${FUNKWHALE_FRONTEND_PATH}; root ${FUNKWHALE_FRONTEND_PATH};
...@@ -84,7 +84,7 @@ server { ...@@ -84,7 +84,7 @@ server {
} }
location /front/ { location /front/ {
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:"; add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:; worker-src 'self'";
add_header Referrer-Policy "strict-origin-when-cross-origin"; add_header Referrer-Policy "strict-origin-when-cross-origin";
add_header Service-Worker-Allowed "/"; add_header Service-Worker-Allowed "/";
add_header X-Frame-Options "SAMEORIGIN"; add_header X-Frame-Options "SAMEORIGIN";
...@@ -94,7 +94,7 @@ server { ...@@ -94,7 +94,7 @@ server {
add_header Cache-Control "public, must-revalidate, proxy-revalidate"; add_header Cache-Control "public, must-revalidate, proxy-revalidate";
} }
location /front/embed.html { location /front/embed.html {
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:"; add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:; worker-src 'self'";
add_header Referrer-Policy "strict-origin-when-cross-origin"; add_header Referrer-Policy "strict-origin-when-cross-origin";
add_header X-Frame-Options "ALLOW"; add_header X-Frame-Options "ALLOW";
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment