Drop unsafe-inline and unsafe-eval
This commit is contained in:
parent
9db03ed2ed
commit
3975f59ddf
|
@ -25,7 +25,7 @@ server {
|
|||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
|
||||
add_header Content-Security-Policy "default-src https: data: 'unsafe-inline' 'unsafe-eval'" always;
|
||||
add_header Content-Security-Policy "default-src https://{{ item.servername }}:433" always;
|
||||
add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), notifications=(), payment=(), usb=()" always;
|
||||
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||
|
|
Loading…
Reference in New Issue