joby/webserver-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

config fix

Browse source
This commit is contained in:
Joby 2024-10-22 20:38:35 -06:00
parent 928e3ae04c
commit 882a417527
1 changed files with 2 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
site-config.conf
View file

@ -21,19 +21,8 @@ server {
limit_req zone=general burst=100 nodelay;
# Content Security Policy (needs to be per-domain)
add_header Content-Security-Policy "
default-src 'self' *.$DOMAIN;
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.$DOMAIN;
style-src 'self' 'unsafe-inline' *.$DOMAIN;
img-src 'self' data: *.$DOMAIN;
font-src 'self' data: *.$DOMAIN;
connect-src 'self' *.$DOMAIN;
frame-src 'self' *.$DOMAIN;
media-src 'self' *.$DOMAIN;
object-src 'none';
base-uri 'self';
form-action 'self' *.$DOMAIN;
" always;
add_header Content-Security-Policy "default-src 'self' *.$DOMAIN; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.$DOMAIN; style-src 'self' 'unsafe-inline' *.$DOMAIN; img-src 'self' data: *.$DOMAIN; font-src 'self' data: *.$DOMAIN; connect-src 'self' *.$DOMAIN; frame-src 'self' *.$DOMAIN; media-src 'self' *.$DOMAIN; object-src 'none'; base-uri 'self'; form-action 'self' *.$DOMAIN" always;
# Subdomain handling
set $subdomain '';