changed default src in csp to self, since none was too restrictive
This commit is contained in:
parent
d86b39070b
commit
31e033a2e3
|
@ -72,7 +72,7 @@ server {
|
|||
{% endif %}
|
||||
{% if item.header_csp is defined and item.header_csp == 'none' %}
|
||||
{% else %}
|
||||
add_header Content-Security-Policy "{{ item.header_csp | default("default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; form-action 'self';") }}";
|
||||
add_header Content-Security-Policy "{{ item.header_csp | default("default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; form-action 'self';") }}";
|
||||
{% endif %}
|
||||
{% if item.header_cto is defined and item.header_cto == 'none' %}
|
||||
{% else %}
|
||||
|
|
Loading…
Reference in New Issue