Add upgrade-insecure-requests;

This commit is contained in:
Tommy 2023-08-15 17:09:44 -07:00 committed by GitHub
parent f8fea8190a
commit 0f9f94d2ce
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 7 deletions

View File

@ -81,7 +81,7 @@ add_header Content-Security-Policy "default-src 'none'; connect-src 'self' https
#### If you do not use Gravatar with SOGo #### If you do not use Gravatar with SOGo
``` ```
add_header Content-Security-Policy "default-src 'none'; connect-src 'self' https://api.github.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'"; add_header Content-Security-Policy "default-src 'none'; connect-src 'self' https://api.github.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'";
``` ```
### Cross-Origin Resource, Opener, and Embedder Policies ### Cross-Origin Resource, Opener, and Embedder Policies

View File

@ -1,6 +1,6 @@
/* /*
Strict-Transport-Security : max-age=63072000; includeSubDomains; preload Strict-Transport-Security : max-age=63072000; includeSubDomains; preload
Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none' Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; form-action 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'
X-Content-Type-Options : nosniff X-Content-Type-Options : nosniff
Referrer-Policy : no-referrer Referrer-Policy : no-referrer
X-Frame-Options : DENY X-Frame-Options : DENY
@ -12,27 +12,27 @@
/posts/knowledge/multi-factor-authentication/ /posts/knowledge/multi-factor-authentication/
! Content-Security-Policy ! Content-Security-Policy
Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none' Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'
Cross-Origin-Embedder-Policy : unsafe-none Cross-Origin-Embedder-Policy : unsafe-none
/posts/android/android-tips/ /posts/android/android-tips/
! Content-Security-Policy ! Content-Security-Policy
Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none' Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'
Cross-Origin-Embedder-Policy : unsafe-none Cross-Origin-Embedder-Policy : unsafe-none
/posts/android/choosing-your-android-based-operating-system/ /posts/android/choosing-your-android-based-operating-system/
! Content-Security-Policy ! Content-Security-Policy
Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self' https://i.ytimg.com; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none' Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self' https://i.ytimg.com; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'
Cross-Origin-Embedder-Policy : unsafe-none Cross-Origin-Embedder-Policy : unsafe-none
/posts/linux/choosing-your-desktop-linux-distribution/ /posts/linux/choosing-your-desktop-linux-distribution/
! Content-Security-Policy ! Content-Security-Policy
Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none' Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'
Cross-Origin-Embedder-Policy : unsafe-none Cross-Origin-Embedder-Policy : unsafe-none
/posts/linux/desktop-linux-hardening/ /posts/linux/desktop-linux-hardening/
! Content-Security-Policy ! Content-Security-Policy
Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none' Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'
Cross-Origin-Embedder-Policy : unsafe-none Cross-Origin-Embedder-Policy : unsafe-none
/*.xml /*.xml