Skip to content

Instantly share code, notes, and snippets.

@april

april/nginx.conf Secret

Created Feb 7, 2018
Embed
What would you like to do?
# Include all the security headers
include headers.d/pokeinthe.io.conf;
location ~* \.(?:html) {
include headers.d/pokeinthe.io.conf;
add_header Content-Security-Policy "default-src 'none'; base-uri 'none'; form-action 'none'; child-src https://www.youtube.com; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'none'; frame-src https://www.youtube.com; img-src 'self'; media-src 'self' blob:; script-src 'self' https://cdnjs.cloudflare.com/ajax/libs/ekko-lightbox/5.1.1/ekko-lightbox.min.js https://code.jquery.com/jquery-2.2.4.min.js https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js; style-src 'self' https://cdnjs.cloudflare.com/ajax/libs/ekko-lightbox/5.1.1/ekko-lightbox.min.css https://fonts.googleapis.com" always;
expires -1;
}
location ~* \.svg$ {
include headers.d/pokeinthe.io.conf;
add_header Content-Security-Policy "default-src 'none'; base-uri 'none'; form-action 'none'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline'";
}
location ~* \M.*.pdf$ {
include headers.d/pokeinthe.io.conf;
add_header Content-Security-Policy "default-src 'self'; base-uri 'none'; form-action 'none'; style-src 'self' 'unsafe-inline'";
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.