diff --git a/nginx.conf b/nginx.conf index 94a4b0a..78d1453 100644 --- a/nginx.conf +++ b/nginx.conf @@ -112,7 +112,7 @@ http { # Add Content-Security-Policy for HTML documents. # h5bp/security/content-security-policy.conf map $sent_http_content_type $content_security_policy { - ~*text/html "default-src 'self'; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests"; + ~*text/(html|javascript)|application/pdf|xml "default-src 'self'; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests"; } # Add Referrer-Policy for HTML documents.