diff options
| -rw-r--r-- | roles/git/files/etc/nginx/sites-available/git | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/roles/git/files/etc/nginx/sites-available/git b/roles/git/files/etc/nginx/sites-available/git index 3f2bc7f..9e9d16e 100644 --- a/roles/git/files/etc/nginx/sites-available/git +++ b/roles/git/files/etc/nginx/sites-available/git @@ -9,41 +9,41 @@ server { access_log /var/log/nginx/git.access.log; error_log /var/log/nginx/git.error.log info; location / { return 301 https://$host$request_uri; } } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name git.fripost.org; access_log /var/log/nginx/git.access.log; error_log /var/log/nginx/git.error.log info; include snippets/headers.conf; add_header Content-Security-Policy - "default-src 'none'; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self'"; + "default-src 'none'; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self'; frame-ancestors 'none'; form-action 'self'"; include snippets/ssl.conf; ssl_certificate ssl/git.fripost.org.pem; ssl_certificate_key ssl/git.fripost.org.key; include snippets/git.fripost.org.hpkp-hdr; gzip on; gzip_vary on; gzip_min_length 256; gzip_types application/javascript application/json application/xml image/svg+xml image/x-icon text/css text/plain; location ^~ /static/ { expires 30d; alias /usr/share/cgit/; } # disallow push over HTTP/HTTPS location ~ "^/.+/git-receive-pack$" { return 403; } location ~ "^/.+/(?:info/refs|git-upload-pack)$" { |