From 90c2843cd7901903b01c5c3aca03c0b79ada46c2 Mon Sep 17 00:00:00 2001 From: nmaillat Date: Wed, 2 Aug 2023 19:05:39 +0200 Subject: [PATCH] adding policies for matomo and newrelic --- docker/nginx/root/etc/nginx/nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/nginx/root/etc/nginx/nginx.conf b/docker/nginx/root/etc/nginx/nginx.conf index 7048b92876..dd3cdd973a 100755 --- a/docker/nginx/root/etc/nginx/nginx.conf +++ b/docker/nginx/root/etc/nginx/nginx.conf @@ -29,7 +29,7 @@ http { add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Xss-Protection "1; mode=block" always; add_header Referrer-Policy strict-origin-when-cross-origin; - add_header Content-Security-Policy "default-src 'self' 127.0.0.1 https://fonts.gstatic.com *.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com *.axept.io https://www.googletagmanager.com *.google-analytics.com data: ;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.gstatic.com *.alchemyasp.com *.axept.io https://www.googletagmanager.com ;style-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com https://www.google.com https://www.gstatic.com ;img-src 'self' data: blob: *.tiles.mapbox.com https://axeptio.imgix.net ; object-src 'self';frame-ancestors 'self' "; + add_header Content-Security-Policy "default-src 'self' 127.0.0.1 https://fonts.gstatic.com *.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com *.axept.io *.matomo.cloud *.newrelic.com *.nr-data.net https://www.googletagmanager.com *.google-analytics.com data: ;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.gstatic.com *.alchemyasp.com *.axept.io *.matomo.cloud *.newrelic.com https://www.googletagmanager.com ;style-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com https://www.google.com https://www.gstatic.com ;img-src 'self' data: blob: *.tiles.mapbox.com https://axeptio.imgix.net ; object-src 'self';frame-ancestors 'self' "; include /etc/nginx/conf.d/*.conf; }