sec: Move the CSP to a header on the nginx
parent
3e3b944e48
commit
e398417c99
@ -4,7 +4,6 @@
|
||||
<title>Lateinicus</title>
|
||||
|
||||
<meta charset="UTF-8">
|
||||
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' https://unpkg.com; img-src 'self'; img-src 'self' https:; font-src https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' https://fonts.googleapis.com 'unsafe-inline';">
|
||||
<meta
|
||||
name="viewport"
|
||||
content="minimum-scale=1, initial-scale=1, width=device-width, shrink-to-fit=no"
|
||||
|
@ -21,13 +21,16 @@ http {
|
||||
listen 443 ssl http2;
|
||||
add_header Strict-Transport-Security "max-age=31536000" always;
|
||||
|
||||
# Global CSP
|
||||
add_header Content-Security-Policy "default-src 'self'; script-src 'self' https://unpkg.com; img-src 'self' https:; font-src https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' https://fonts.googleapis.com 'unsafe-inline';" always;
|
||||
|
||||
# SSL configuration
|
||||
ssl_certificate /etc/ssl/lateinicus.pem;
|
||||
ssl_certificate_key /etc/ssl/lateinicus.key;
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
ssl_session_timeout 10m;
|
||||
ssl_session_cache shared:SSL:30m;
|
||||
ssl_session_timeout 20m;
|
||||
keepalive_timeout 70;
|
||||
|
||||
# Enable gzip compression
|
||||
|
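Review bot: The server-level `add_header Content-Security-Policy "…" always;` is inherited only by nested blocks that declare no `add_header` of their own, so a `location` that sets any header (a cache header, say) would serve responses without the CSP and without the HSTS header above it. The server block continues outside this hunk, so whether such a location exists cannot be confirmed from here. I would put a comment above the directive, e.g. `# add_header is NOT inherited into blocks that set their own add_header; repeat or include these headers there`, and check one static-asset and one error response for the header after deploy. Now that the policy is a real header it can carry directives that a `<meta>` policy ignores or that do not fall back to `default-src`, for instance appending `frame-ancestors 'none'; base-uri 'self';` if the app is never framed. Two follow-ups: `script-src … https://unpkg.com` trusts every package on that host, so self-hosting the script or using a versioned path would be tighter, and the context line `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still enables the deprecated TLS 1.0 and 1.1.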