From a8ece37a3a0853dabe82a0d084c1a7b2718ee48a Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Wed, 28 Jul 2021 14:35:12 +0200 Subject: [PATCH] Do not quote the domains in the security options. --- templates/nginx-virthost.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/nginx-virthost.j2 b/templates/nginx-virthost.j2 index 7111c95..053d52e 100644 --- a/templates/nginx-virthost.j2 +++ b/templates/nginx-virthost.j2 @@ -51,7 +51,7 @@ server { add_header X-Frame-Options "{{ nginx_x_frame_options }}"; {% endif %} {% if nginx_set_content_security_options %} - add_header Content-Security-Policy "frame-ancestors {% for l in nginx_content_security_acl %} '{{ l }}'{% endfor %};"; + add_header Content-Security-Policy "frame-ancestors {% for l in nginx_content_security_acl %} {{ l }}{% endfor %};"; {% endif %} server_tokens {{ item.server_tokens | default('off') }}; @@ -265,7 +265,7 @@ server { add_header X-Frame-Options "{{ nginx_x_frame_options }}"; {% endif %} {% if nginx_set_content_security_options %} - add_header Content-Security-Policy "frame-ancestors {% for l in nginx_content_security_acl %} '{{ l }}'{% endfor %};"; + add_header Content-Security-Policy "frame-ancestors {% for l in nginx_content_security_acl %} {{ l }}{% endfor %};"; {% endif %} server_tokens {{ item.server_tokens | default('off') }};