aboutsummaryrefslogtreecommitdiffstats
path: root/roles/nginx
diff options
context:
space:
mode:
authorbnewbold <bnewbold@robocracy.org>2016-06-11 18:46:04 -0400
committerbnewbold <bnewbold@robocracy.org>2016-06-11 18:46:04 -0400
commit90b6400c511ad214c58abb3127a2e96ae6c1ae24 (patch)
tree2b892847cbb1afb46febdd5ba4fc97baca19d99c /roles/nginx
parent06c543126a2666d6793523332c1319f5061ff8a6 (diff)
downloadinfra-90b6400c511ad214c58abb3127a2e96ae6c1ae24.tar.gz
infra-90b6400c511ad214c58abb3127a2e96ae6c1ae24.zip
TODO
Diffstat (limited to 'roles/nginx')
-rw-r--r--roles/nginx/HOWTO_new_site.txt5
1 files changed, 5 insertions, 0 deletions
diff --git a/roles/nginx/HOWTO_new_site.txt b/roles/nginx/HOWTO_new_site.txt
index 8126739..1834e93 100644
--- a/roles/nginx/HOWTO_new_site.txt
+++ b/roles/nginx/HOWTO_new_site.txt
@@ -48,3 +48,8 @@ For SSL stuff, add this to the body:
# Enable STS with one year period (breaks http; optional)
#add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
+If your site is going to have inline Javascript (pretty common), you might need
+to swith the Content-Security-Policy line to:
+
+ add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'";
+