10 lines
573 B
Plaintext
10 lines
573 B
Plaintext
set $CSP_UPGRADE_INSECURE_REQUESTS "upgrade-insecure-requests;";
|
|
set $CSP_DEFAULT_SRC "default-src https: wss: data: blob: 'self';";
|
|
set $CSP_BASE_URI "base-uri 'self';";
|
|
set $CSP_CONNECT_SRC "connect-src 'self' *.evoleasing.ru wss:;";
|
|
set $CSP_WORKER_SRC "worker-src 'self' blob:;";
|
|
set $CSP_FONT_SRC "font-src 'self' fonts.gstatic.com fonts.googleapis.com;";
|
|
set $CSP_SCRIPT_SRC "script-src 'self';";
|
|
set $CSP_STYLE_SRC "style-src 'self' 'unsafe-inline' fonts.googleapis.com;";
|
|
set $CSP_OBJECT_SRC "object-src 'none';";
|
|
set $CSP_FRAME_ANCESTORS "frame-ancestors 'none';"; |