Commit 6f9d68f

fix: update Content-Security-Policy to allow HTTP connections as default (#1053)
1 parent 5d10e4c commit 6f9d68f

1 file changed

+1
-1
lines changed

nginx/conf.d/headers.txt

Lines changed: 1 addition & 1 deletion
@@ -5,4 +5,4 @@ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
55
add_header Permissions-Policy "accelerometer=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), usb=()";
66
add_header X-XSS-Protection "1; mode=block";
77
# You should harden the 'connect-src' to your PxWebApi address
8-
add_header Content-Security-Policy "default-src 'none'; script-src 'self'; connect-src 'self' https:; style-src 'self'; img-src 'self'; font-src 'self'; object-src 'none'; frame-ancestors 'self'; base-uri 'self';";
8+
add_header Content-Security-Policy "default-src 'none'; script-src 'self'; connect-src 'self' http:; style-src 'self'; img-src 'self'; font-src 'self'; object-src 'none'; frame-ancestors 'self'; base-uri 'self';";
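
Review bot: the added `connect-src 'self' http:` widens the default policy rather than swapping one scheme for another. A bare `http:` scheme source in CSP also matches `https:` URLs, so scripts on the page may now send fetch/XHR requests to any host, including over cleartext. That sits awkwardly with the unchanged `Strict-Transport-Security` header in the hunk context, which implies the site itself is served over HTTPS, where browsers' mixed-content blocking would stop plain `http:` API calls regardless of this header. The comment directly above still only says to harden `connect-src` to the PxWebApi address and does not tell operators that the shipped default now permits plaintext to arbitrary origins. Suggest either keeping `https:` as the default and documenting `http:` as an opt-in for plain-HTTP deployments, or extending the comment to state that `http:` is a permissive default that must be replaced with the explicit PxWebApi origin before production use.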
