update example NGINX CSP configuration

pull/1/head
ansuz 3 years ago
parent 43ff745374
commit 7b14c135b3

@ -24,7 +24,8 @@ server {
# for these purposes allows you to move them to a separate machine at a later date # for these purposes allows you to move them to a separate machine at a later date
# if you find that a single machine cannot handle all of your users. # if you find that a single machine cannot handle all of your users.
# If you don't use dedicated domains, this can be the same as $main_domain # If you don't use dedicated domains, this can be the same as $main_domain
# If you do, they'll be added as exceptions to any rules which block connections to remote domains. # If you do, they can be added as exceptions to any rules which block connections to remote domains.
# You can find these variables referenced below in the relevant places
set $api_domain "api.your-main-domain.com"; set $api_domain "api.your-main-domain.com";
set $files_domain "files.your-main-domain.com"; set $files_domain "files.your-main-domain.com";
@ -86,7 +87,9 @@ server {
set $styleSrc "'unsafe-inline' 'self' https://${main_domain}"; set $styleSrc "'unsafe-inline' 'self' https://${main_domain}";
# connect-src restricts URLs which can be loaded using script interfaces # connect-src restricts URLs which can be loaded using script interfaces
set $connectSrc "'self' https://${main_domain} https://${api_domain} blob: wss://${api_domain} https://${files_domain} https://${sandbox_domain}"; # if you have configured your instance to use a dedicated $files_domain or $api_domain
# you will need to add them below as: https://${files_domain} and https://${api_domain}
set $connectSrc "'self' https://${main_domain} blob: wss://${api_domain} https://${sandbox_domain}";
# fonts can be loaded from data-URLs or the main domain # fonts can be loaded from data-URLs or the main domain
set $fontSrc "'self' data: https://${main_domain}"; set $fontSrc "'self' data: https://${main_domain}";

Loading…
Cancel
Save