Skip to content

Commit 91dd8ce

Browse files
raferdevraferdev
authored
Merge pull request #30 from raferdev/development
fix(nginx): add image 'data:' CSP rule
2 parents ae9cc2c + 7f4a3ab commit 91dd8ce

1 file changed

Lines changed: 1 addition & 1 deletion

File tree

nginx/nginx.conf

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@ http {
1111

1212
add_header X-Frame-Options "SAMEORIGIN";
1313
add_header X-XSS-Protection "1; mode=block";
14-
add_header Content-Security-Policy "worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.datadoghq-browser-agent.com; frame-src 'self' *.youtube.com; object-src 'none'; base-uri 'self'; form-action 'none'; frame-ancestors 'none'; img-src 'self'; font-src 'self'; manifest-src 'self';";
14+
add_header Content-Security-Policy "worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.datadoghq-browser-agent.com; frame-src 'self' *.youtube.com; object-src 'none'; base-uri 'self'; form-action 'none'; frame-ancestors 'self'; img-src 'self' data:; font-src 'self'; manifest-src 'self';";
1515
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
1616
add_header Referrer-Policy "strict-origin";
1717
add_header Permissions-Policy "geolocation=(self),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(),payment=()";

0 commit comments

Comments
 (0)