update image-src/media-src to be more lax

This commit is contained in:
Nolan Lawson 2017-05-03 22:39:33 -07:00
parent b98af5e96d
commit 5bd6d4de27
1 changed files with 1 additions and 1 deletions

View File

@ -60,7 +60,7 @@ server {
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
add_header Strict-Transport-Security "max-age=31536000";
add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self'; img-src 'self' data:; media-src 'self' data:; connect-src 'self' wss://example.com; font-src 'self'; frame-ancestors 'none'; manifest-src 'self';";
add_header Content-Security-Policy "style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; object-src 'self'; img-src data: https:; media-src data: https:; connect-src 'self' wss://example.com; upgrade-insecure-requests";
add_header Referrer-Policy "strict-origin-when-cross-origin";
location / {