sec: Move the CSP to a header on the nginx
parent
3e3b944e48
commit
e398417c99
@ -4,7 +4,6 @@
|
|||||||
<title>Lateinicus</title>
|
<title>Lateinicus</title>
|
||||||
|
|
||||||
<meta charset="UTF-8">
|
<meta charset="UTF-8">
|
||||||
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' https://unpkg.com; img-src 'self'; img-src 'self' https:; font-src https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' https://fonts.googleapis.com 'unsafe-inline';">
|
|
||||||
<meta
|
<meta
|
||||||
name="viewport"
|
name="viewport"
|
||||||
content="minimum-scale=1, initial-scale=1, width=device-width, shrink-to-fit=no"
|
content="minimum-scale=1, initial-scale=1, width=device-width, shrink-to-fit=no"
|
||||||
|
@ -21,13 +21,16 @@ http {
|
|||||||
listen 443 ssl http2;
|
listen 443 ssl http2;
|
||||||
add_header Strict-Transport-Security "max-age=31536000" always;
|
add_header Strict-Transport-Security "max-age=31536000" always;
|
||||||
|
|
||||||
|
# Global CSP
|
||||||
|
add_header Content-Security-Policy "default-src 'self'; script-src 'self' https://unpkg.com; img-src 'self' https:; font-src https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' https://fonts.googleapis.com 'unsafe-inline';" always;
|
||||||
|
|
||||||
# SSL configuration
|
# SSL configuration
|
||||||
ssl_certificate /etc/ssl/lateinicus.pem;
|
ssl_certificate /etc/ssl/lateinicus.pem;
|
||||||
ssl_certificate_key /etc/ssl/lateinicus.key;
|
ssl_certificate_key /etc/ssl/lateinicus.key;
|
||||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||||
ssl_session_cache shared:SSL:10m;
|
ssl_session_cache shared:SSL:30m;
|
||||||
ssl_session_timeout 10m;
|
ssl_session_timeout 20m;
|
||||||
keepalive_timeout 70;
|
keepalive_timeout 70;
|
||||||
|
|
||||||
# Enable gzip compression
|
# Enable gzip compression
|
||||||
|
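Review bot: The new server-level `add_header Content-Security-Policy ... always;` only reaches responses from locations that declare no `add_header` of their own, because nginx stops inheriting `add_header` directives as soon as a lower level defines one. The server block continues outside this hunk, so each location should be checked and the header repeated there (or pulled in through a shared `include`); a comment such as `# add_header is not inherited by a location that sets its own add_header; repeat the CSP there` next to `# Global CSP` would keep that visible. Now that the policy is a real header it can also carry `frame-ancestors 'self';`, which browsers ignore in a `<meta>` policy. `script-src` still allows all of `https://unpkg.com`, a host that serves arbitrary package content, so self-hosting the scripts would let that source be dropped.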