Skip to content

Commit

Permalink
Merge pull request #54 from fga-eps-mds/nginx-security
Browse files Browse the repository at this point in the history
Permissão unsafe-eval e img-src CSP
  • Loading branch information
gabiMSilva authored Dec 9, 2020
2 parents a79b83d + 2f4a7f5 commit 2fa3fe6
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion hom-nginx.conf
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ http {
listen 443 ssl http2;

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Content-Security-Policy "default-src 'self';script-src 'self' 'unsafe-inline';font-src fonts.gstatic.com;style-src 'self' fonts.googleapis.com;connect-src *;" always;
add_header Content-Security-Policy "default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval';font-src 'self' fonts.gstatic.com;style-src 'self' fonts.googleapis.com;img-src *;connect-src *;" always;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
expires $expires;
Expand Down

0 comments on commit 2fa3fe6

Please sign in to comment.