Merge pull request #65 from UN-OCHA/develop

CSP fix
UN-OCHA · Dec 13, 2023 · 69257ec · 69257ec
2 parents 7adf7b2 + 6338c19
commit 69257ec
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/docker/etc/nginx/custom/headers.conf b/docker/etc/nginx/custom/headers.conf
@@ -1,5 +1,5 @@
 # Add security headers.
-add_header Content-Security-Policy "script-src https: *.newrelic.com bam.nr-data.net 'unsafe-inline'; img-src 'self' data: https:; font-src https: fonts.googleapis.com; connect-src https: *.newrelic.com bam.nr-data.net; report-uri /report-csp-violation; upgrade-insecure-requests";
+add_header Content-Security-Policy "worker-src 'self'; script-src https: bam.nr-data.net 'unsafe-inline'; img-src 'self' data: https:; font-src https: fonts.googleapis.com; connect-src https: bam.nr-data.net; report-uri /report-csp-violation; upgrade-insecure-requests";
 add_header Referrer-Policy "strict-origin-when-cross-origin";
 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload; always;";
 add_header X-Content-Options "nosniff";