set $CSP_UPGRADE_INSECURE_REQUESTS "upgrade-insecure-requests;";
set $CSP_DEFAULT_SRC "default-src https: wss: data: blob: 'self';";
set $CSP_BASE_URI "base-uri 'self';";
set $CSP_CONNECT_SRC "connect-src 'self' *.evoleasing.ru wss:;";
set $CSP_WORKER_SRC "worker-src 'self' blob:;";
set $CSP_FONT_SRC "font-src 'self' fonts.gstatic.com fonts.googleapis.com;";
set $CSP_SCRIPT_SRC "script-src 'self';";
set $CSP_STYLE_SRC "style-src 'self' 'unsafe-inline' fonts.googleapis.com;";
set $CSP_OBJECT_SRC "object-src 'none';";
set $CSP_FRAME_ANCESTORS "frame-ancestors 'none';";