author | Ryan Petrello <rpetrell@redhat.com> | 2020-12-04 18:39:19 +0100 |
---|---|---|
committer | Jake McDermott <yo@jakemcdermott.me> | 2020-12-08 19:25:46 +0100 |
commit | 3d5f28f79097c3c4b58a45fdb7de40cff432acb9 (patch) | |
tree | 99d97fca2b01c0242760583f91ea0a463ce99c15 /installer/roles/local_docker | |
parent | Merge pull request #8766 from Spredzy/bump_to_nodejs14 (diff) | |
Introduce a strict Content-Security-Policy
Diffstat (limited to 'installer/roles/local_docker')
-rw-r--r-- | installer/roles/local_docker/templates/nginx.conf.j2 | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/installer/roles/local_docker/templates/nginx.conf.j2 b/installer/roles/local_docker/templates/nginx.conf.j2
index 0c93510bc9..327b59a2fe 100644
--- a/installer/roles/local_docker/templates/nginx.conf.j2
+++ b/installer/roles/local_docker/templates/nginx.conf.j2
@@ -67,8 +67,6 @@ http {
 # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
 add_header Strict-Transport-Security max-age=15768000;
- add_header Content-Security-Policy "default-src 'self'; connect-src 'self' ws: wss:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.pendo.io; img-src 'self' *.pendo.io data:; report-uri /csp-violation/";
- add_header X-Content-Security-Policy "default-src 'self'; connect-src 'self' ws: wss:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.pendo.io; img-src 'self' *.pendo.io data:; report-uri /csp-violation/";
 # Protect against click-jacking https://www.owasp.org/index.php/Testing_for_Clickjacking_(OTG-CLIENT-009)
 add_header X-Frame-Options "DENY"; |