Fix Content-Security-Policy for Element
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1154 According to https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy, having both a header and the `<meta>`-tag provided by Element itself is not a problem. The 2 CSP policies get combined.
This commit is contained in:
parent
154c2bbe36
commit
6294e58304
|
@ -12,7 +12,7 @@
|
||||||
add_header X-Content-Type-Options nosniff;
|
add_header X-Content-Type-Options nosniff;
|
||||||
add_header X-XSS-Protection "{{ matrix_nginx_proxy_xss_protection }}";
|
add_header X-XSS-Protection "{{ matrix_nginx_proxy_xss_protection }}";
|
||||||
add_header X-Frame-Options SAMEORIGIN;
|
add_header X-Frame-Options SAMEORIGIN;
|
||||||
add_header Content-Security-Policy "frame-ancestors 'none'";
|
add_header Content-Security-Policy "frame-ancestors 'self'";
|
||||||
|
|
||||||
{% if matrix_nginx_proxy_floc_optout_enabled %}
|
{% if matrix_nginx_proxy_floc_optout_enabled %}
|
||||||
add_header Permissions-Policy interest-cohort=() always;
|
add_header Permissions-Policy interest-cohort=() always;
|
||||||
|
|
Loading…
Reference in a new issue