adding header to core; adding header for pleroma (#49)
Co-authored-by: muppeth <muppeth@disroot.org> Reviewed-on: #49 Reviewed-by: meaz <meaz@no-reply@disroot.org>
This commit is contained in:
parent
d5b2c45d16
commit
80dd92a994
|
@ -95,6 +95,9 @@ server {
|
||||||
add_header X-Robots-Tag "{{ item.header_robots | default('none') }}";
|
add_header X-Robots-Tag "{{ item.header_robots | default('none') }}";
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if item.header_frame_ancestors is defined and item.header_frame_ancestors == 'true' %}
|
||||||
|
add_header Content-Security-Policy "frame-ancestors 'self';";
|
||||||
|
{% endif %}
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
||||||
{% block location %}
|
{% block location %}
|
||||||
|
|
|
@ -13,6 +13,11 @@ upstream phoenix {
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://phoenix;
|
proxy_pass http://phoenix;
|
||||||
|
{% if item.mangane is defined and item.mangane == 'true' %}
|
||||||
|
proxy_hide_header Content-Security-Policy;
|
||||||
|
add_header Content-Security-Policy "upgrade-insecure-requests;script-src 'self';connect-src 'self' blob: https://{{ item.name }} wss://{{ item.name }};media-src 'self' https:;img-src 'self' data: blob: https:;default- src 'none';base-uri 'self';frame-ancestors 'none';style-src 'self' 'unsafe-inline';font-src 'self';manifest-src 'self';" always;
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
location ~ ^/(media|proxy) {
|
location ~ ^/(media|proxy) {
|
||||||
|
|
Loading…
Reference in New Issue