Expand responses to include CSP

Ref: https://github.com/h5bp/server-configs-apache/issues/187
2019-07-31 15:31:17 +02:00 · 2019-07-31 15:31:17 +02:00 · 41689406c8
parent de4564ec9c
commit 41689406c8
1 changed files with 1 additions and 1 deletions
--- a/nginx.conf
+++ b/nginx.conf
@ -112,7 +112,7 @@ http {
  # Add Content-Security-Policy for HTML documents.
  # h5bp/security/content-security-policy.conf
  map $sent_http_content_type $content_security_policy {
-    ~*text/html "default-src 'self'; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests";
+    ~*text/(html|javascript)|application/pdf|xml "default-src 'self'; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests";
  }
  # Add Referrer-Policy for HTML documents.