Commit 35b6469c authored by Mark van Lent's avatar Mark van Lent
parent 90257be7
......@@ -19,7 +19,7 @@ server {
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Referrer-Policy strict-origin-when-cross-origin;
add_header Content-Security-Policy "default-src 'self'; script-src 'self' disqus.com/api/3.0/threads/set.jsonp a.disquscdn.com/embed.js vlent.disqus.com; style-src 'self' a.disquscdn.com; img-src 'self' referrer.disqus.com/juggler/stat.gif a.disquscdn.com/next/embed/assets/img/; frame-src disqus.com a.disquscdn.com; child-src disqus.com a.disquscdn.com; object-src 'none'; upgrade-insecure-requests; reflected-xss block;";
add_header Content-Security-Policy "default-src 'self'; script-src 'self' disqus.com/api/3.0/threads/set.jsonp a.disquscdn.com/embed.js vlent.disqus.com; style-src 'self' a.disquscdn.com; img-src 'self' referrer.disqus.com/juggler/stat.gif a.disquscdn.com/next/embed/assets/img/; frame-src disqus.com a.disquscdn.com; child-src disqus.com a.disquscdn.com; object-src 'none'; upgrade-insecure-requests; reflected-xss block; frame-ancestors 'none';";
add_header Feature-Policy "accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'";
server_tokens off;
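Review bot: The `frame-ancestors 'none'` directive added to the Content-Security-Policy line (taking the second, longer copy of that line as the new side) is only emitted on the success and redirect status codes that `add_header` covers by default, so 4xx/5xx error pages would still be frameable. Appending the `always` parameter closes that gap: `add_header Content-Security-Policy "…; frame-ancestors 'none';" always;`. The `server` block starts and ends outside this hunk, so it is worth checking that no `location` declares its own `add_header`, because nginx then stops inheriting every header set at this level. No `X-Frame-Options` header is visible in these lines; if none is set above line 19, `add_header X-Frame-Options DENY always;` gives the same protection to browsers that do not implement `frame-ancestors`. Separately, `reflected-xss block` on the same line was dropped from the CSP specification and is ignored by current browsers, so it can be removed.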