28 lines
1.1 KiB
Nginx Configuration File
28 lines
1.1 KiB
Nginx Configuration File
# ----------------------------------------------------------------------
|
|
# | Content Security Policy (CSP) |
|
|
# ----------------------------------------------------------------------
|
|
|
|
# Mitigate the risk of cross-site scripting and other content-injection
|
|
# attacks.
|
|
#
|
|
# This can be done by setting a `Content Security Policy` which whitelists
|
|
# trusted sources of content for your website.
|
|
#
|
|
# There is no policy that fits all websites, you will have to modify the
|
|
# `Content-Security-Policy` directives in the example depending on your needs.
|
|
#
|
|
# To make your CSP implementation easier, you can use an online CSP header
|
|
# generator such as:
|
|
# https://report-uri.com/home/generate/
|
|
#
|
|
# It is encouraged that you validate your CSP header using a CSP validator
|
|
# such as:
|
|
# https://csp-evaluator.withgoogle.com
|
|
#
|
|
# https://csp.withgoogle.com/docs/
|
|
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
|
|
# https://www.html5rocks.com/en/tutorials/security/content-security-policy/
|
|
# https://www.w3.org/TR/CSP/
|
|
|
|
add_header Content-Security-Policy $content_security_policy always;
|