From faa1b0a27007a6bd41dea44a2e28f5578ddf71b4 Mon Sep 17 00:00:00 2001
From: Daniel Micay
Date: Tue, 13 Jul 2021 22:27:38 -0400
Subject: [PATCH] permit frames fetching resources for Element CORP
---
 nginx/nginx.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index d4dee8c..d96e058 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -141,7 +141,7 @@ http {
 root /srv/element.grapheneos.org;
 include snippets/security-headers.conf;
- add_header Cross-Origin-Resource-Policy "same-origin" always;
+ add_header Cross-Origin-Resource-Policy "cross-origin" always;
 add_header Content-Security-Policy "font-src 'self'; manifest-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; block-all-mixed-content" always;
 # obsolete and replaced with Content-Security-Policy frame-ancestors 'self'
 add_header X-Frame-Options "SAMEORIGIN" always;
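Review bot: The relaxed `Cross-Origin-Resource-Policy "cross-origin"` line sits at the same level as `root`, so it appears to apply to every response from the Element host rather than only to what the frames fetch, and nothing in the config records why this host differs. With `cross-origin`, any site may load these resources through no-cors requests, which is acceptable only while the host serves nothing but public static assets. I would put a comment above the directive, for example `# cross-origin CORP: Element's frames fetch resources that same-origin blocks; this root must only hold public static files`, with the wording adjusted to the actual cause, which I am inferring from the commit subject. If the frames need only a known set of paths, the relaxed value could instead live in a `location` for those paths, bearing in mind that a `location` with its own `add_header` no longer inherits the outer ones, so the other headers would have to be repeated there. The enclosing block starts and ends outside the hunk, so I cannot see whether such locations already exist.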