mirror of
https://github.com/GrapheneOS/matrix.grapheneos.org.git
synced 2024-12-23 22:49:31 -05:00
drop legacy block-all-mixed-content
This commit is contained in:
parent
01a0e97fdf
commit
7f666deeb9
@ -141,7 +141,7 @@ http {
|
||||
|
||||
include snippets/security-headers.conf;
|
||||
add_header Cross-Origin-Resource-Policy "same-origin" always;
|
||||
add_header Content-Security-Policy "font-src 'none'; manifest-src 'none'; object-src 'none'; script-src 'none'; style-src 'none'; frame-ancestors 'none'; block-all-mixed-content" always;
|
||||
add_header Content-Security-Policy "font-src 'none'; manifest-src 'none'; object-src 'none'; script-src 'none'; style-src 'none'; frame-ancestors 'none'" always;
|
||||
# obsolete and replaced with Content-Security-Policy frame-ancestors 'none'
|
||||
add_header X-Frame-Options "DENY" always;
|
||||
|
||||
@ -155,7 +155,7 @@ http {
|
||||
proxy_hide_header X-Frame-Options;
|
||||
|
||||
include snippets/security-headers.conf;
|
||||
add_header Content-Security-Policy "font-src 'none'; manifest-src 'none'; object-src 'none'; script-src 'none'; style-src 'none'; frame-ancestors 'none'; block-all-mixed-content" always;
|
||||
add_header Content-Security-Policy "font-src 'none'; manifest-src 'none'; object-src 'none'; script-src 'none'; style-src 'none'; frame-ancestors 'none'" always;
|
||||
# obsolete and replaced with Content-Security-Policy frame-ancestors 'none'
|
||||
add_header X-Frame-Options "DENY" always;
|
||||
add_header X-Robots-Tag "none" always;
|
||||
@ -186,7 +186,7 @@ http {
|
||||
|
||||
include snippets/security-headers.conf;
|
||||
add_header Cross-Origin-Resource-Policy "cross-origin" always;
|
||||
add_header Content-Security-Policy "font-src 'self'; manifest-src 'self'; object-src 'none'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; block-all-mixed-content" always;
|
||||
add_header Content-Security-Policy "font-src 'self'; manifest-src 'self'; object-src 'none'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'" always;
|
||||
# obsolete and replaced with Content-Security-Policy frame-ancestors 'self'
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Robots-Tag "none" always;
|
||||
|
Loading…
Reference in New Issue
Block a user