29 lines
1.2 KiB
Nginx Configuration File
29 lines
1.2 KiB
Nginx Configuration File
# ----------------------------------------------------------------------
|
|
# | Content Security Policy (CSP) |
|
|
# ----------------------------------------------------------------------
|
|
|
|
# Mitigate the risk of cross-site scripting and other content-injection
|
|
# attacks.
|
|
#
|
|
# This can be done by setting a Content Security Policy which permits
|
|
# trusted sources of content for your website.
|
|
#
|
|
# There is no policy that fits all websites, you will have to modify the
|
|
# `Content-Security-Policy` directives in the example depending on your needs.
|
|
#
|
|
# To make your CSP implementation easier, you can use an online CSP header
|
|
# generator such as:
|
|
# https://report-uri.com/home/generate/
|
|
#
|
|
# It is encouraged that you validate your CSP header using a CSP validator
|
|
# such as:
|
|
# https://csp-evaluator.withgoogle.com
|
|
#
|
|
# https://www.w3.org/TR/CSP/
|
|
# https://owasp.org/www-project-secure-headers/#content-security-policy
|
|
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
|
|
# https://developers.google.com/web/fundamentals/security/csp
|
|
# https://content-security-policy.com/
|
|
|
|
add_header Content-Security-Policy $content_security_policy always;
|