From 90b6400c511ad214c58abb3127a2e96ae6c1ae24 Mon Sep 17 00:00:00 2001
From: bnewbold <bnewbold@robocracy.org>
Date: Sat, 11 Jun 2016 18:46:04 -0400
Subject: TODO

---
 roles/nginx/HOWTO_new_site.txt | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'roles')

diff --git a/roles/nginx/HOWTO_new_site.txt b/roles/nginx/HOWTO_new_site.txt
index 8126739..1834e93 100644
--- a/roles/nginx/HOWTO_new_site.txt
+++ b/roles/nginx/HOWTO_new_site.txt
@@ -48,3 +48,8 @@ For SSL stuff, add this to the body:
      # Enable STS with one year period (breaks http; optional)
      #add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
 
+If your site is going to have inline Javascript (pretty common), you might need
+to swith the Content-Security-Policy line to:
+
+     add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'";
+
-- 
cgit v1.2.3