Content-Security-Policy For Element Web
https://github.com/vector-im/element-web#configuration-best-practices
This commit is contained in:
parent
3dd32d2512
commit
0217644b48
|
@ -12,6 +12,7 @@
|
|||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "{{ matrix_nginx_proxy_xss_protection }}";
|
||||
add_header X-Frame-Options SAMEORIGIN;
|
||||
add_header Content-Security-Policy "frame-ancestors 'none'";
|
||||
|
||||
{% if matrix_nginx_proxy_floc_optout_enabled %}
|
||||
add_header Permissions-Policy interest-cohort=() always;
|
||||
|
|
Loading…
Reference in a new issue