PapaTutuWawa/Lateinicus
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

sec: Move the CSP to a header on the nginx

Browse Source
This commit is contained in:
Alexander Polynomdivision
2018-10-07 13:49:52 +02:00
parent 3e3b944e48
commit e398417c99
2 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
server/nginx.conf
View File

@@ -21,13 +21,16 @@ http {
listen 443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000" always;
# Global CSP
add_header Content-Security-Policy "default-src 'self'; script-src 'self' https://unpkg.com; img-src 'self' https:; font-src https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' https://fonts.googleapis.com 'unsafe-inline';" always;
# SSL configuration
ssl_certificate /etc/ssl/lateinicus.pem;
ssl_certificate_key /etc/ssl/lateinicus.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:30m;
ssl_session_timeout 20m;
keepalive_timeout 70;
# Enable gzip compression