diff --git a/docs/example.nginx.conf b/docs/example.nginx.conf index 80c799f8c..ea8224c14 100644 --- a/docs/example.nginx.conf +++ b/docs/example.nginx.conf @@ -96,7 +96,7 @@ server { set $workerSrc "https://${main_domain}"; # script-src specifies valid sources for javascript, including inline handlers - set $scriptSrc "'self' ${main_domain}"; + set $scriptSrc "'self' resource: ${main_domain}"; set $unsafe 0; # the following assets are loaded via the sandbox domain @@ -110,7 +110,7 @@ server { # privileged contexts allow a few more rights than unprivileged contexts, though limits are still applied if ($unsafe) { - set $scriptSrc "'self' 'unsafe-eval' 'unsafe-inline' ${main_domain}"; + set $scriptSrc "'self' 'unsafe-eval' 'unsafe-inline' resource: ${main_domain}"; } # Finally, set all the rules you composed above.