Commit 8321aa7f authored by Chris Hines's avatar Chris Hines
Browse files

alter the content-security-policy to see if I Can have backends on a different domain

parent ab9d1df2
Pipeline #12948 passed with stages
in 7 minutes and 21 seconds
......@@ -2,7 +2,7 @@ location ~ /.* {
root /opt/strudel2/spa/sv2/;
#alias /var/www/sv2/dist/sv2/;
try_files $uri$args $uri$args/ $uri/ /index.html;
add_header Content-Security-Policy "default-src 'self' *.cloud.cvl.org.au; style-src 'self' fonts.googleapis.com 'unsafe-inline'; font-src 'self' fonts.gstatic.com";
add_header Content-Security-Policy "default-src 'self' *.cloud.cvl.org.au *.desktop.massive.org.au; style-src 'self' fonts.googleapis.com 'unsafe-inline'; font-src 'self' fonts.gstatic.com";
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment