diff --git a/modules/profile/templates/contentorigin/site.nginx.erb b/modules/profile/templates/contentorigin/site.nginx.erb
index a1d653a..4c352aa 100644
--- a/modules/profile/templates/contentorigin/site.nginx.erb
+++ b/modules/profile/templates/contentorigin/site.nginx.erb
@@ -13,6 +13,9 @@ server {
 server_tokens off;
+ # Add Content Security Policy headers
+ add_header Content-Security-Policy-Report-Only "default-src 'self'; script-src 'self' code.jquery.com; connect-src 'self'; img-src 'self'; style-src 'self'; report-to https://csp-report-api.openjs-foundation.workers.dev/";
+
 location / {
 root /srv/www/content.jquery.com;
diff --git a/modules/profile/templates/gruntjscom/site.nginx.erb b/modules/profile/templates/gruntjscom/site.nginx.erb
index 4d16781..735e8d5 100644
--- a/modules/profile/templates/gruntjscom/site.nginx.erb
+++ b/modules/profile/templates/gruntjscom/site.nginx.erb
@@ -12,6 +12,9 @@ server {
 error_log /var/log/nginx/error.log crit;
 server_tokens off;
+ # Add Content Security Policy headers
+ add_header Content-Security-Policy-Report-Only "default-src 'self'; script-src 'self' code.jquery.com; connect-src 'self'; img-src 'self'; style-src 'self'; report-to https://csp-report-api.openjs-foundation.workers.dev/";
+
 location / {
 proxy_pass http://localhost:<%= @backend_port %>;
 proxy_redirect off;
diff --git a/modules/profile/templates/miscweb/site.nginx.erb b/modules/profile/templates/miscweb/site.nginx.erb
index 633e10e..fd8d111 100644
--- a/modules/profile/templates/miscweb/site.nginx.erb
+++ b/modules/profile/templates/miscweb/site.nginx.erb
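Review bot: In the `add_header` line added to contentorigin/site.nginx.erb, `report-to` is given a URL, but that directive takes the name of a reporting group declared in a separate `Reporting-Endpoints` (or legacy `Report-To`) response header; a URL belongs to `report-uri`. As written the policy names no usable endpoint, so this report-only header would deliver no violation reports to the collector. Replace the last directive with `report-uri https://csp-report-api.openjs-foundation.workers.dev/` and, if the Reporting API is wanted as well, add `add_header Reporting-Endpoints 'csp-endpoint="https://csp-report-api.openjs-foundation.workers.dev/"';` together with `report-to csp-endpoint` in the policy (the group name here is only an example). The same string is added in the gruntjscom and miscweb hunks and needs the same change.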
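Review bot: The server-level `add_header` added in gruntjscom/site.nginx.erb is inherited by a `location` only when that location defines no `add_header` of its own, so any location in this template that sets a header would silently drop the policy. The `location /` body continues outside the hunk, so this cannot be confirmed from here; it is worth checking all three templates touched by this commit. The directive also lacks `always`, which means nginx attaches it only to a fixed set of 2xx/3xx status codes, and error responses, including those relayed from the proxied backend, go out without it. Appending `always` after the quoted value covers those responses.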
@@ -18,6 +18,9 @@ server {
 root /srv/www/<%= @fqdn %><%= @site['webroot'] or '' %>;
+ # Add Content Security Policy headers
+ add_header Content-Security-Policy-Report-Only "default-src 'self'; script-src 'self' code.jquery.com; connect-src 'self'; img-src 'self'; style-src 'self'; report-to https://csp-report-api.openjs-foundation.workers.dev/";
+
 <%- if @site['allow_php'] -%>
 index index.php index.html;
 try_files $uri $uri/ /index.php$is_args$args;
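Review bot: The comment `# Add Content Security Policy headers` in miscweb/site.nginx.erb does not say that the policy is report-only, which is the fact a later reader needs before tightening or debugging it. Something like `# CSP in report-only mode: violations are reported, nothing is blocked` would make that visible; the same comment appears in the contentorigin and gruntjscom hunks. The policy string is also pasted verbatim into three templates, so any later change has to be made three times; a single shared value passed to the templates would keep them in step. The `server` block starts and ends outside the hunk.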