Skip to content

Commit

Permalink
add connect-src csp
Browse files Browse the repository at this point in the history
  • Loading branch information
@matt--williams
matt--williams committed Apr 8, 2024
1 parent 4a1b8aa commit c7ceed9
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion .docker/config/nginx.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,8 @@ server {
set $csp "${csp} script-src 'self' 'unsafe-inline' https https://tagmanager.google.com https://www.googletagmanager.com https://apps.usw2.pure.cloud *.fontawesome.com *.google-analytics.com;";
set $csp "${csp} style-src 'self' 'unsafe-inline' https https://tagmanager.google.com https://www.googletagmanager.com https://fonts.googleapis.com *.fontawesome.com;";
set $csp "${csp} style-src-elem 'self' 'unsafe-inline' https https://fonts.googleapis.com;";
set $csp "${csp} font-src 'self' *.gstatic.com *.fontawesome.com";
set $csp "${csp} font-src 'self' *.gstatic.com *.fontawesome.com;";
set $csp "${csp} connect-src 'self' https://*.cme.openhbx.org";

more_set_headers "Content-Security-Policy: ${csp}";
more_set_headers "Strict-Transport-Security: max-age=31536000; includeSubDomains";
Expand Down

0 comments on commit c7ceed9

Please sign in to comment.