From 32c68b3a661ca303c552ecb06565be779868a930 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Wed, 28 Jul 2021 17:41:54 +0200 Subject: [PATCH] Fix the content-security header everywhere. --- templates/nginx-virthost.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/nginx-virthost.j2 b/templates/nginx-virthost.j2 index d171b6c..c5133e2 100644 --- a/templates/nginx-virthost.j2 +++ b/templates/nginx-virthost.j2 @@ -271,7 +271,7 @@ server { {% endif %} {% if nginx_set_content_security_options %} proxy_hide_header Content-Security-Policy; - add_header Content-Security-Policy "frame-ancestors{% for l in nginx_content_security_acl %} {{ l }}{% endfor %};"; + add_header Content-Security-Policy "frame-src{% for s in nginx_content_security_src_acl %} {{ s }}{% endfor %}; frame-ancestors{% for l in nginx_content_security_ancestor_acl %} {{ l }}{% endfor %};"; {% endif %} server_tokens {{ item.server_tokens | default('off') }};