drop legacy block-all-mixed-content
thestinger committed Jul 11, 2023
1 parent 01a0e97 commit 7f666de
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions nginx/nginx.conf
Expand Up @@ -141,7 +141,7 @@ http {

include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "same-origin" always;
add_header Content-Security-Policy "font-src 'none'; manifest-src 'none'; object-src 'none'; script-src 'none'; style-src 'none'; frame-ancestors 'none'; block-all-mixed-content" always;
add_header Content-Security-Policy "font-src 'none'; manifest-src 'none'; object-src 'none'; script-src 'none'; style-src 'none'; frame-ancestors 'none'" always;
# obsolete and replaced with Content-Security-Policy frame-ancestors 'none'
add_header X-Frame-Options "DENY" always;

Expand All @@ -155,7 +155,7 @@ http {
proxy_hide_header X-Frame-Options;

include snippets/security-headers.conf;
add_header Content-Security-Policy "font-src 'none'; manifest-src 'none'; object-src 'none'; script-src 'none'; style-src 'none'; frame-ancestors 'none'; block-all-mixed-content" always;
add_header Content-Security-Policy "font-src 'none'; manifest-src 'none'; object-src 'none'; script-src 'none'; style-src 'none'; frame-ancestors 'none'" always;
# obsolete and replaced with Content-Security-Policy frame-ancestors 'none'
add_header X-Frame-Options "DENY" always;
add_header X-Robots-Tag "none" always;
Expand Down Expand Up @@ -186,7 +186,7 @@ http {

include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "cross-origin" always;
add_header Content-Security-Policy "font-src 'self'; manifest-src 'self'; object-src 'none'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; block-all-mixed-content" always;
add_header Content-Security-Policy "font-src 'self'; manifest-src 'self'; object-src 'none'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'" always;
# obsolete and replaced with Content-Security-Policy frame-ancestors 'self'
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Robots-Tag "none" always;
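Review bot: With `block-all-mixed-content` gone, none of the three `Content-Security-Policy` headers constrains insecure subresource loads, and none has a `default-src` fallback, so fetch types that are not listed (for example `img-src`, `media-src`, `connect-src`) stay unrestricted. That is acceptable on browsers that upgrade or block mixed content themselves, but the config does not record the reason; a comment above each header such as `# block-all-mixed-content is deprecated; mixed content is upgraded or blocked by the browser` would keep a later reader from re-adding it. The policy string is edited in three places here and the first two copies are identical, so moving it into an include alongside `snippets/security-headers.conf` would stop the copies from drifting apart. The `http {` block and the included snippet lie outside these hunks, so whether HSTS or another header already covers plain-HTTP loads cannot be confirmed from this page.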
