@TGWolf
Created March 15, 2016 22:11
Content Security Policies for Common WebApps

GitLab (Community Edition)

Header always set Content-Security-Policy: "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:;"

Munin

Header always set Content-Security-Policy: "default-src 'self';"

Nagios

Header always set Content-Security-Policy: "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; img-src 'self' assets.nagios.com/images/; connect-src 'self' www.nagios.org; frame-src 'self' www.youtube.com/embed/;"

ownCloud

Header always set Content-Security-Policy: "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval';"

Puppet Dashboard

Header always set Content-Security-Policy: "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline';"

ShellInABox

Header always set Content-Security-Policy: "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval';"
