Fixed Content-Security-Policy

mikeiken · Dec 1, 2024 · 756a572 · 756a572
1 parent 859051b
commit 756a572
Showing 1 changed file with 17 additions and 9 deletions.
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
@@ -20,6 +20,14 @@ server {
 
     listen 80;
 
+    # Add Content Security Policy headers
+    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' ws: wss:; frame-ancestors 'none'; base-uri 'self'; form-action 'self';" always;
+
+    # Add other security headers
+    add_header X-Frame-Options "DENY" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+
     location / {
         # Add security headers
         proxy_set_header X-Real-IP $remote_addr;
@@ -32,17 +40,17 @@ server {
         proxy_pass http://frontend:3000/;
     }
 
-    location /api/swagger/ {
-        # Add security headers
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header Host $http_host;
+    # location /api/swagger/ {
+    #     # Add security headers
+    #     proxy_set_header X-Real-IP $remote_addr;
+    #     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    #     proxy_set_header Host $http_host;
 
-        # Prevent proxy redirects to metadata
-        proxy_redirect off;
+    #     # Prevent proxy redirects to metadata
+    #     proxy_redirect off;
 
-        proxy_pass http://django:8000/swagger/;
-    }
+    #     proxy_pass http://django:8000/swagger/;
+    # }
 
     location /api/ {
         # Add security headers