motiejus/config
1
Fork 0
Code Packages Releases Activity

CSP

Browse Source
This commit is contained in:
Motiejus Jakštys 2024-08-24 17:10:23 +03:00
parent 37239ac18a
commit 9bb81cb1c9
2 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
hosts/fwminex/configuration.nix
View File

@ -245,10 +245,9 @@ in
'';
"jakstys.lt".extraConfig = ''
header {
Strict-Transport-Security "max-age=2592000"
Strict-Transport-Security "max-age=15768000"
Content-Security-Policy "default-src 'self'"
X-Content-Type-Options "nosniff"
Content-Security-Policy "frame-ancestors 'none'"
X-Frame-Options "DENY"
/_/* Cache-Control "public, max-age=31536000, immutable"

7
modules/services/gitea/default.nix
View File

@ -86,10 +86,11 @@
}
header {
Strict-Transport-Security "max-age=2592000"
Content-Security-Policy "default-src 'self'"
Strict-Transport-Security "max-age=15768000"
# https://github.com/go-gitea/gitea/issues/305#issuecomment-1049290764
Content-Security-Policy "default-src 'none'; connect-src 'self'; font-src 'self' data:; form-action 'self'; img-src 'self' https://ga-beacon.appspot.com https://raw.githubusercontent.com https://secure.gravatar.com https://sourcethemes.com; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; worker-src 'self';"
X-Content-Type-Options "nosniff"
Content-Security-Policy "frame-ancestors 'none'"
X-Frame-Options "DENY"
}