jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

nginx would drop other headers if add_header is defined in the location section

Browse Source
This commit is contained in:
Johannes Zellner
2018-04-11 12:26:53 +02:00
parent 4554d9f2f8
commit 838838b90d
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
setup/start/nginx/appconfig.ejs
View File

@@ -89,6 +89,11 @@ server {
add_header Referrer-Policy "no-referrer-when-downgrade";
proxy_hide_header Referrer-Policy;
# CSP headers for the admin/dashboard resources
<% if ( endpoint === 'admin' ) { -%>
add_header Content-Security-Policy "default-src wss: https: *.cloudron.io <%= adminOrigin %>; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; style-src https: 'unsafe-inline'";
<% } -%>
proxy_http_version 1.1;
proxy_intercept_errors on;
proxy_read_timeout 3500;
@@ -160,7 +165,6 @@ server {
# }
location / {
add_header Content-Security-Policy "default-src wss: https: *.cloudron.io <%= adminOrigin %>; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; style-src https: 'unsafe-inline'";
root <%= sourceDir %>/dashboard/dist;
index index.html index.htm;
}