Base Content-Security-Policy header for nginx-hosted WordPress. Adjust the hostnames before use.
# Replace the placeholder hosts selfhostname.org and validhosttoembedthissite.org with your own; 'always' sends the header on error responses too.
add_header Content-Security-Policy "default-src 'none'; base-uri 'self'; media-src 'self'; img-src 'self' https://s.w.org https://wordpress.org https://ps.w.org data:; font-src 'self' data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss://*.selfhostname.org; form-action 'self'; frame-ancestors 'self' *.validhosttoembedthissite.org; frame-src 'self'; upgrade-insecure-requests;" always;
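A pre-deployment check for the header above, as an added example that is not part of the original gist: it parses the policy and reports any of the gist's placeholder hosts that were not replaced, plus the `'unsafe-inline'` and `'unsafe-eval'` keywords the policy still allows. The function names are hypothetical; the policy string is copied from the gist.

```python
import re

# Policy string copied from the gist's add_header line.
GIST_POLICY = (
    "default-src 'none'; base-uri 'self'; media-src 'self'; "
    "img-src 'self' https://s.w.org https://wordpress.org https://ps.w.org data:; "
    "font-src 'self' data:; object-src 'none'; "
    "script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; "
    "connect-src 'self' wss://*.selfhostname.org; form-action 'self'; "
    "frame-ancestors 'self' *.validhosttoembedthissite.org; frame-src 'self'; "
    "upgrade-insecure-requests;"
)
# Placeholder hosts used by the gist; they must not reach production.
PLACEHOLDER_HOSTS = ("selfhostname.org", "validhosttoembedthissite.org")
UNSAFE_KEYWORDS = ("'unsafe-inline'", "'unsafe-eval'")

def extract_policy(nginx_line):
    """Return the quoted value of an add_header Content-Security-Policy line, or None."""
    m = re.search(r'add_header\s+Content-Security-Policy\s+"([^"]*)"', nginx_line)
    return m.group(1) if m else None

def parse_csp(policy):
    """Split a policy into {directive: [sources]}; a repeated directive is ignored, as in browsers."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives

def lint(policy):
    """List (directive, source, reason) for placeholder hosts and unsafe keywords."""
    findings = []
    for name, sources in parse_csp(policy).items():
        for src in sources:
            if any(host in src.lower() for host in PLACEHOLDER_HOSTS):
                findings.append((name, src, "placeholder host not replaced"))
            elif src.lower() in UNSAFE_KEYWORDS:
                findings.append((name, src, "unsafe keyword still allowed"))
    return findings

if __name__ == "__main__":
    for name, src, why in lint(GIST_POLICY):
        print(f"{name}: {src} -> {why}")
```

Run against the unmodified gist policy it reports five findings; after the two hostnames are replaced, only the three unsafe-keyword findings in `script-src` and `style-src` remain.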