Skip to content

Commit

Permalink
Merge pull request #53 from fga-eps-mds/nginx-security
Browse files Browse the repository at this point in the history
Permissao para scripts inline Content-Security-Policy
  • Loading branch information
EduardoPicolo authored Dec 9, 2020
2 parents 7d0c014 + 4f6c510 commit a79b83d
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion hom-nginx.conf
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ http {
listen 443 ssl http2;

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Content-Security-Policy "default-src 'self';font-src fonts.gstatic.com;style-src 'self' fonts.googleapis.com;" always;
add_header Content-Security-Policy "default-src 'self';script-src 'self' 'unsafe-inline';font-src fonts.gstatic.com;style-src 'self' fonts.googleapis.com;connect-src *;" always;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
expires $expires;
Expand All @@ -54,6 +54,7 @@ http {

location ~* \.(?:ico|css|js|gif|jpe?g|webp|svg|png)$ {
root /usr/share/nginx/html;
include /etc/nginx/mime.types;
access_log off;
gzip_static on;
gzip_comp_level 5;
Expand Down

0 comments on commit a79b83d

Please sign in to comment.