consensus/docker/nginx/snippets/csp.conf


			
				
				
					
						
						
						
							
							
							add_header Content-Security-Policy "default-src 'none'; img-src blob: data: 'self'; object-src 'none'; style-src 'unsafe-inline' 'self'; style-src-elem 'unsafe-inline' 'self'; style-src-attr 'unsafe-inline'; script-src 'none'; script-src-attr 'none'; script-src-elem 'none'; prefetch-src 'self'; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; navigate-to * 'self'" always;
						
						
					
				
				
					
						Reference in a new issue
					
					View git blame
					Copy permalink