Update Content-Security-Policy header in nginx configuration

girleffect · Apr 26, 2024 · a5a4795 · a5a4795
1 parent fde7532
commit a5a4795
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/nginx/conf.d/django.conf b/nginx/conf.d/django.conf
@@ -48,6 +48,8 @@ server {
     add_header X-Frame-Options SAMEORIGIN always;
     add_header X-Content-Type-Options nosniff always;
     add_header Strict-Transport-Security "max-age=31536000" always;
+    # Inside your server block or location block
+    add_header Content-Security-Policy "default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline';" always;
     #add_header Content-Security-Policy "default-src https: 'self';" always;
     add_header Referrer-Policy "same-origin" always;
 }