Skip to content

Commit

Permalink
add browser sentry cdn domain and https protocols
Browse files Browse the repository at this point in the history
  • Loading branch information
@Zharktas
Zharktas committed Jul 29, 2024
1 parent b3b88c5 commit 17d5990
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion ansible/roles/nginx/templates/nginx_security_headers.conf.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
add_header X-XSS-Protection "1; mode=block";

# Content security policies allowing content to be loaded from specified addresses
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.matomo.cloud platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com *.disqus.com https://disqus.com *.disquscdn.com www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ js-de.sentry-cdn.com; img-src 'self' *.avoindata.fi *.opendata.fi *.disqus.com *.disquscdn.com *.disquscdn.com www.google-analytics.com data: *.twitter.com *.twimg.com *.disqus.com www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://platform.twitter.com https://ton.twimg.com *.disquscdn.com https://www.google.com https://ajax.googleapis.com; font-src 'self' https://themes.googleusercontent.com; frame-src 'self' syndication.twitter.com https://platform.twitter.com https://disqus.com *.disqus.com https://www.google.com/recaptcha/; object-src 'none'; connect-src 'self' *.matomo.cloud https://links.services.disqus.com wss://realtime.services.disqus.com *.sentry.io";
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.matomo.cloud platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com *.disqus.com https://disqus.com *.disquscdn.com www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js-de.sentry-cdn.com https://browser.sentry-cdn.com; img-src 'self' *.avoindata.fi *.opendata.fi *.disqus.com *.disquscdn.com *.disquscdn.com www.google-analytics.com data: *.twitter.com *.twimg.com *.disqus.com www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://platform.twitter.com https://ton.twimg.com *.disquscdn.com https://www.google.com https://ajax.googleapis.com; font-src 'self' https://themes.googleusercontent.com; frame-src 'self' syndication.twitter.com https://platform.twitter.com https://disqus.com *.disqus.com https://www.google.com/recaptcha/; object-src 'none'; connect-src 'self' *.matomo.cloud https://links.services.disqus.com wss://realtime.services.disqus.com *.sentry.io";

# Strict Transport Security (use only https)
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
Expand Down

0 comments on commit 17d5990

Please sign in to comment.