1
0

style-src unsafe-inline was removed because it doesn't needed anymore.

This commit is contained in:
Alexander Andreev 2023-08-22 18:21:25 +04:00
parent 5567de7de1
commit 4e098ec665
Signed by: Arav
GPG Key ID: D22A817D95815393

View File

@ -11,7 +11,7 @@ server {
ssl_certificate_key /etc/letsencrypt/live/arav.su/privkey.pem;
add_header Content-Security-Policy "default-src 'self'; script-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self'; media-src 'self'; object-src 'none'; frame-src 'none'; frame-ancestors 'none'; font-src 'self'; form-action 'self'";
add_header Content-Security-Policy "default-src 'self'; script-src 'none'; style-src 'self'; img-src 'self'; media-src 'self'; object-src 'none'; frame-src 'none'; frame-ancestors 'none'; font-src 'self'; form-action 'self'";
add_header X-Frame-Options "DENY";
add_header X-Content-Type-Options "nosniff";
add_header X-XSS-Protection "1; mode=block";