From 26741bdb53da194ae9264f889133f1fee4390c4a Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Mon, 26 Jul 2021 10:55:30 -0400
Subject: [PATCH] Add wss: to CSP for browsers that enforce wss distinctly from other protocols
---
 salt/nginx/etc/nginx.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf
index 4fa5c8435..7ee97b16f 100644
--- a/salt/nginx/etc/nginx.conf
+++ b/salt/nginx/etc/nginx.conf
@@ -149,7 +149,7 @@ http {
  root /opt/socore/html;
  index index.html;
- add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; frame-ancestors 'self'";
+ add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: wss:; frame-ancestors 'self'";
  add_header X-Frame-Options SAMEORIGIN;
  add_header X-XSS-Protection "1; mode=block";
  add_header X-Content-Type-Options nosniff;
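Review bot: The bare scheme source `wss:` on the new `add_header Content-Security-Policy` line allows WebSocket connections to any host, not only to this server, so script running in the page can open a socket to an arbitrary endpoint. Because the policy already carries `'unsafe-inline'` and `'unsafe-eval'`, connection targets are one of the few things the CSP could still constrain. Consider leaving `default-src` as it was and adding a dedicated directive such as `connect-src 'self' https: data: blob: wss://<console-host>;`, where `<console-host>` is a placeholder for the name the console is served under. That would need testing against the application's fetch/XHR use, since `connect-src` replaces the `default-src` fallback for those requests. A short comment above the header explaining that some browsers do not match `wss:` under `'self'` would also help; the enclosing server/location block starts and ends outside this hunk, so how the header is inherited cannot be checked from here.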