mirror of
				https://github.com/caddyserver/caddy.git
				synced 2025-10-24 23:39:19 -04:00 
			
		
		
		
	browse: fix Content-Security-Policy warnings in Firefox (#6443)
* Remove 'strict-dynamic' + block-all-mixed-content * CSP: remove 'unsafe-inline' from script-src
		
							parent
							
								
									4ef360745d
								
							
						
					
					
						commit
						88c7e53da5
					
				| @ -1,6 +1,6 @@ | ||||
| {{ $nonce := uuidv4 -}} | ||||
| {{ $nonceAttribute := print "nonce=" (quote $nonce) -}} | ||||
| {{ $csp := printf "default-src 'none'; img-src 'self'; object-src 'none'; base-uri 'none'; script-src 'strict-dynamic' 'nonce-%s' 'unsafe-inline' https: http:; style-src 'strict-dynamic' 'nonce-%s'; frame-ancestors 'self'; form-action 'self'; block-all-mixed-content;" $nonce $nonce -}} | ||||
| {{ $csp := printf "default-src 'none'; img-src 'self'; object-src 'none'; base-uri 'none'; script-src 'nonce-%s'; style-src 'nonce-%s'; frame-ancestors 'self'; form-action 'self';" $nonce $nonce -}} | ||||
| {{/* To disable the Content-Security-Policy, set this to false */}}{{ $enableCsp := true -}} | ||||
| {{ if $enableCsp -}} | ||||
|   {{- .RespHeader.Set "Content-Security-Policy" $csp -}} | ||||
|  | ||||
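Review bot: The new `script-src 'nonce-%s'; style-src 'nonce-%s'` value on the `$csp` line is nonce-only, so the page now depends on every `<script>` and `<style>` element in this template carrying `{{ $nonceAttribute }}`, and nothing in the visible lines records that requirement. Under this policy inline event handlers and `style=""` attributes are blocked, and without `'strict-dynamic'` a script element created at runtime by a nonced script no longer inherits trust. The rest of the template lies outside this hunk, so both should be checked against the full file. I would add a template comment above the `$csp` assignment, for example `{{/* Nonce-only CSP: every <script>/<style> below must carry $nonceAttribute; inline handlers and style attributes are blocked */}}`, so a later edit to the template does not silently break the listing or tempt someone to re-add `'unsafe-inline'`.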