aboutsummaryrefslogtreecommitdiffstats
path: root/roles/nginx
diff options
context:
space:
mode:
authorbnewbold <bnewbold@robocracy.org>2016-06-09 20:28:19 -0400
committerbnewbold <bnewbold@robocracy.org>2016-06-09 20:28:19 -0400
commit054d2805727dc7b7a74b9643529d935a42a7c920 (patch)
tree593aed1a4832d9d41821f0495b95ce963dfad765 /roles/nginx
parent3d073769c78bd66b6dfbc921627e8572ee7cc8c9 (diff)
downloadinfra-054d2805727dc7b7a74b9643529d935a42a7c920.tar.gz
infra-054d2805727dc7b7a74b9643529d935a42a7c920.zip
nginx: Content-Security-Policy that doesn't clobber inline css (WTF)
Diffstat (limited to 'roles/nginx')
-rw-r--r--roles/nginx/HOWTO_new_site.txt4
1 files changed, 2 insertions, 2 deletions
diff --git a/roles/nginx/HOWTO_new_site.txt b/roles/nginx/HOWTO_new_site.txt
index 0989efd..8126739 100644
--- a/roles/nginx/HOWTO_new_site.txt
+++ b/roles/nginx/HOWTO_new_site.txt
@@ -40,8 +40,8 @@ For SSL stuff, add this to the body:
ssl_certificate /etc/letsencrypt/live/<cert-name>/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/<cert-name>/privkey.pem;
-
- add_header Content-Security-Policy "default-src 'self'";
+
+ add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'";
add_header X-Frame-Options "SAMEORIGIN"; # 'always' if nginx > 1.7.5
add_header X-Content-Type-Options "nosniff"; # 'always' if nginx > 1.7.5
add_header X-Xss-Protection "1";