web/cryptpad
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

add missing connect-src directives to example nginx conf

Browse Source
This commit is contained in:
ansuz 2020-02-17 08:48:15 -05:00
parent d9ab8d3f62
commit 1fc8c1de16
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/example.nginx.conf
View File

@ -72,7 +72,7 @@ server {
set $styleSrc "'unsafe-inline' 'self' ${main_domain}"; set $styleSrc "'unsafe-inline' 'self' ${main_domain}";
# connect-src restricts URLs which can be loaded using script interfaces # connect-src restricts URLs which can be loaded using script interfaces
set $connectSrc "'self' https://${main_domain} $main_domain https://${api_domain} blob:"; set $connectSrc "'self' https://${main_domain} ${main_domain} https://${api_domain} blob: wss://${api_domain} ${api_domain} ${files_domain}";
# fonts can be loaded from data-URLs or the main domain # fonts can be loaded from data-URLs or the main domain
set $fontSrc "'self' data: ${main_domain}"; set $fontSrc "'self' data: ${main_domain}";