From 7b14c135b36a1da55073395b540491c3b63a6c9e Mon Sep 17 00:00:00 2001
From: ansuz
Date: Tue, 15 Feb 2022 15:54:33 +0530
Subject: [PATCH] update example NGINX CSP configuration
---
 docs/example.nginx.conf | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/docs/example.nginx.conf b/docs/example.nginx.conf
index 4dc2d5068..13fd7789f 100644
--- a/docs/example.nginx.conf
+++ b/docs/example.nginx.conf
@@ -24,7 +24,8 @@ server {
 # for these purposes allows you to move them to a separate machine at a later date
 # if you find that a single machine cannot handle all of your users.
 # If you don't use dedicated domains, this can be the same as $main_domain
- # If you do, they'll be added as exceptions to any rules which block connections to remote domains.
+ # If you do, they can be added as exceptions to any rules which block connections to remote domains.
+ # You can find these variables referenced below in the relevant places
 set $api_domain "api.your-main-domain.com";
 set $files_domain "files.your-main-domain.com";
@@ -86,7 +87,9 @@ server {
 set $styleSrc "'unsafe-inline' 'self' https://${main_domain}";
 # connect-src restricts URLs which can be loaded using script interfaces
- set $connectSrc "'self' https://${main_domain} https://${api_domain} blob: wss://${api_domain} https://${files_domain} https://${sandbox_domain}";
+ # if you have configured your instance to use a dedicated $files_domain or $api_domain
+ # you will need to add them below as: https://${files_domain} and https://${api_domain}
+ set $connectSrc "'self' https://${main_domain} blob: wss://${api_domain} https://${sandbox_domain}";
 # fonts can be loaded from data-URLs or the main domain
 set $fontSrc "'self' data: https://${main_domain}";
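Review bot: The new `$connectSrc` in the second hunk no longer matches the example's own defaults: the first hunk's context still sets `$api_domain` and `$files_domain` to dedicated subdomains, while the new value drops `https://${api_domain}` and `https://${files_domain}` but keeps `wss://${api_domain}`. An operator who copies the example unchanged would therefore get a connect-src that allows the websocket to the API host but probably blocks HTTPS requests to both dedicated hosts. Keeping the narrower list as the default is reasonable, but the comment should say that `wss://${api_domain}` is deliberately retained, and the file should ship the wider form as a commented-out alternative, e.g. `# set $connectSrc "'self' https://${main_domain} https://${api_domain} blob: wss://${api_domain} https://${files_domain} https://${sandbox_domain}";`. Alternatively, default the two variables to the main domain so the example is self-consistent. The `server` block starts and ends outside both hunks, so other uses of these variables are not visible here.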