Merge pull request #115 from anmol26s/master

Updated to 2.5.0 and added Nginx : CSP as suggested by @frju365
author: nemsia <nemsia@nemsia.org> 2018-09-04 16:56:08 +0200
committer: GitHub <noreply@github.com> 2018-09-04 16:56:08 +0200
commit: afdd8477990930e9221578e190e2c312e27a6cf9 (patch)
tree: 5f7d4369c315624a208bcce7c5dcc018369585a2 /conf/nginx.conf
parent: 512ed23dd18de4c300b2d2f3bc4aca8ec3b9be2a (diff)
parent: c0f6ab9d6b2974e21cdc7e1256b33866013ee54b (diff)
download: mastodon_ynh-afdd8477990930e9221578e190e2c312e27a6cf9.tar.gz
mastodon_ynh-afdd8477990930e9221578e190e2c312e27a6cf9.tar.bz2
mastodon_ynh-afdd8477990930e9221578e190e2c312e27a6cf9.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/conf/nginx.conf b/conf/nginx.conf
index a183a31..156d56d 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -1,6 +1,9 @@
 # upload max size
 client_max_body_size 100M;
 
+# Content Security Policy : security to avoid launching unsecure script	
+add_header Content-Security-Policy "default-src 'none'; font-src 'self'; media-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self'; img-src 'self' blob: data:; connect-src 'self' wss://__DOMAIN__;";
+
 # add to v1.4 assets
 root __FINALPATH__/live/public;
author	nemsia <nemsia@nemsia.org>	2018-09-04 16:56:08 +0200
committer	GitHub <noreply@github.com>	2018-09-04 16:56:08 +0200
commit	afdd8477990930e9221578e190e2c312e27a6cf9 (patch)
tree	5f7d4369c315624a208bcce7c5dcc018369585a2 /conf/nginx.conf
parent	512ed23dd18de4c300b2d2f3bc4aca8ec3b9be2a (diff)
parent	c0f6ab9d6b2974e21cdc7e1256b33866013ee54b (diff)
download	mastodon_ynh-afdd8477990930e9221578e190e2c312e27a6cf9.tar.gz mastodon_ynh-afdd8477990930e9221578e190e2c312e27a6cf9.tar.bz2 mastodon_ynh-afdd8477990930e9221578e190e2c312e27a6cf9.zip