AmeliaBriscoe/a43e8b5ab063589d314abc3fdc5ea2e8 (gist), last active February 7, 2018 01:17
Add X-Frame-Options and Content-Security-Policy Headers to Nginx Based Servers
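```nginx
# Add X-Frame-Options headers
# ALLOWALL is not one of the values defined in RFC 7034 (DENY, SAMEORIGIN, ALLOW-FROM)
add_header X-Frame-Options ALLOWALL;
# ALLOW-FROM is obsolete; browsers that support CSP apply frame-ancestors instead
add_header X-Frame-Options "ALLOW-FROM https://rightmessage.com";
# Apply a CSP (frame-ancestors https: lets any HTTPS origin frame the page)
add_header Content-Security-Policy "frame-ancestors https:; default-src https:; font-src https: data:; img-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; connect-src https:; object-src 'none';";
```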
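An added example, not part of the original gist: a small Python audit of this policy that flags scheme-wide `frame-ancestors`, the `'unsafe-inline'` and `'unsafe-eval'` script sources, and a scheme written without its colon, which CSP parses as a host name. The finding labels, the function names and the `TIGHT_CSP` variant are constructed for this example.

```python
# Added example: audit a Content-Security-Policy header value.
# Finding labels are this example's own, not those of any standard tool.

# Policy string as originally published in this gist, including
# `connect-src https` (no colon after the scheme).
GIST_CSP = (
    "frame-ancestors https:; default-src https:; font-src https: data:; "
    "img-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; "
    "style-src 'unsafe-inline' https:; connect-src https; object-src 'none';"
)
# Constructed variant: framing limited to the one origin the gist names,
# and the connect-src scheme written with its colon.
TIGHT_CSP = (
    GIST_CSP
    .replace("frame-ancestors https:", "frame-ancestors https://rightmessage.com")
    .replace("connect-src https;", "connect-src https:;")
)
SCHEMES = {"http", "https", "ws", "wss", "data", "blob"}

def parse_csp(value):
    """Return {directive: [sources]}; a repeated directive keeps its first value."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit_csp(value):
    """Return a list of (directive, token, finding) tuples."""
    policy = parse_csp(value)
    findings = []
    for name, sources in policy.items():
        for src in sources:
            low = src.lower()
            if low in SCHEMES:  # "https" without ":" is a host name
                findings.append((name, src, "bare-scheme-word"))
            elif name == "frame-ancestors" and (low == "*" or low.rstrip(":") in SCHEMES):
                findings.append((name, src, "broad-frame-ancestors"))
            elif name in ("script-src", "default-src") and low in ("'unsafe-inline'", "'unsafe-eval'"):
                findings.append((name, src, "weakens-xss-protection"))
    if "frame-ancestors" not in policy:  # no fallback to default-src
        findings.append(("frame-ancestors", "", "missing-frame-ancestors"))
    return findings

if __name__ == "__main__":
    for label, csp in (("gist", GIST_CSP), ("tight", TIGHT_CSP)):
        for finding in audit_csp(csp):
            print(label, *finding)
```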