See #880: added CSP policy in deployment files

2019-07-10 15:11:29 +02:00 · 2019-07-10 15:11:29 +02:00 · 9c5f623d03
commit 9c5f623d03
parent 49978081b0
5 changed files with 25 additions and 1 deletions
--- a/docker/nginx/conf.dev
+++ b/docker/nginx/conf.dev
@ -69,6 +69,8 @@ http {
            text/x-component
            text/x-cross-domain-policy;

+        add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";
+
        location /front/ {
            # uncomment the following line and comment the proxy-pass one
            # to use the frontend build with "yarn build"