From 74db26a0b16556199c94276dd40fd669750b6c20 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 21 May 2020 04:05:40 +0200 Subject: cgit: Tighten Content-Security-Policy. Add frame-ancestors and form-action. --- roles/git/files/etc/nginx/sites-available/git | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/git/files/etc/nginx/sites-available/git b/roles/git/files/etc/nginx/sites-available/git index 3f2bc7f..9e9d16e 100644 --- a/roles/git/files/etc/nginx/sites-available/git +++ b/roles/git/files/etc/nginx/sites-available/git @@ -26,7 +26,7 @@ server { include snippets/headers.conf; add_header Content-Security-Policy - "default-src 'none'; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self'"; + "default-src 'none'; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self'; frame-ancestors 'none'; form-action 'self'"; include snippets/ssl.conf; ssl_certificate ssl/git.fripost.org.pem; -- cgit v1.2.3