review fix #26 and #18

Hey @JimboJoe,
after more investigations, rules from nextCloud and tests :)
L23 `more_set_headers Content-Security-Policy "default-src  data:;";`
is enough due to **/ynhpanel.css**, where the YunoHost image tile and fonts
are **data:base64**.

There are no SP leaks in this case.

I'll send rectification in this way.
pull/28/head
bogdanovic 9 years ago
parent commit ae908b4597

conf/nginx.conf

@ -20,7 +20,8 @@ location ^~ #LOCATION# {
add_header X-Robots-Tag none; add_header X-Robots-Tag none;
add_header X-Download-Options noopen; add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none; add_header X-Permitted-Cross-Domain-Policies none;
more_set_headers Content-Security-Policy "default-src 'self' 'unsafe-eval' data:;";
# Add data: to allow /ynhpanel.css to be load due to image on data:base64
more_set_headers Content-Security-Policy "default-src data:;";
# Set max upload size # Set max upload size
client_max_body_size 10G; client_max_body_size 10G;
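Review bot: the replacement line in this hunk drops 'self' from default-src, so if the header is applied as written the policy becomes `default-src data:` only; since default-src is the fallback for script-src, style-src, img-src and the other fetch directives, same-origin scripts, stylesheets and images (including a same-origin stylesheet such as /ynhpanel.css) would be blocked and only data: URIs allowed. The commit message says this tested fine, which is worth checking against what the server actually emits, because headers-more expects each argument in the single form "Name: value" and here the name and the value are passed as two separate arguments, so the directive may not be setting the header you think it is. Suggest writing it as one argument, `more_set_headers "Content-Security-Policy: default-src 'self' data:;";` (dropping 'unsafe-eval' only if Nextcloud still works without it), and confirming the response header with `curl -sI` before and after the change.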
@ -83,7 +84,6 @@ location ^~ #LOCATION# {
add_header X-Robots-Tag none; add_header X-Robots-Tag none;
add_header X-Download-Options noopen; add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none; add_header X-Permitted-Cross-Domain-Policies none;
more_set_headers Content-Security-Policy "default-src 'self' 'unsafe-eval' data:;";
# Optional: Don't log access to assets # Optional: Don't log access to assets
access_log off; access_log off;
} }
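Review bot: this hunk removes the Content-Security-Policy line from the second location block without a replacement, so responses from this block carry no CSP set by nginx at all, while the first block at line 20 still sets one. If that asymmetry is deliberate because this block only serves static assets (the "Don't log access to assets" comment suggests so) and a document-level CSP has no effect there, a short comment next to `access_log off;` saying so would keep the next reader from re-adding the line; if the block can ever serve HTML, keep the same header here as in the first block.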
