nodes/voc.pretalx: work around content-security-policy issues
All checks were successful
bundlewrap/pipeline/head This commit looks good
All checks were successful
bundlewrap/pipeline/head This commit looks good
This commit is contained in:
parent
aad27851bb
commit
24f04e59aa
2 changed files with 4 additions and 3 deletions
|
@ -26,9 +26,6 @@ server {
|
||||||
client_max_body_size 5M;
|
client_max_body_size 5M;
|
||||||
% endif
|
% endif
|
||||||
|
|
||||||
add_header Referrer-Policy same-origin;
|
|
||||||
add_header X-Content-Type-Options nosniff;
|
|
||||||
|
|
||||||
location /.well-known/acme-challenge/ {
|
location /.well-known/acme-challenge/ {
|
||||||
alias /var/www/dehydrated;
|
alias /var/www/dehydrated;
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,3 +11,7 @@
|
||||||
expires 365d;
|
expires 365d;
|
||||||
add_header Cache-Control "public";
|
add_header Cache-Control "public";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# https://github.com/pretalx/pretalx-media-ccc-de/issues/1
|
||||||
|
proxy_hide_header content-security-policy;
|
||||||
|
add_header content-security-policy "form-action 'self'; default-src 'self'; img-src 'self' data: https://www.gravatar.com; style-src 'self' 'unsafe-inline'; script-src 'self'; base-uri 'none'; frame-src https://media.ccc.de";
|
||||||
|
|
Loading…
Reference in a new issue