mirror of
https://github.com/BobbyWibowo/lolisafe.git
synced 2024-12-13 07:56:23 +00:00
14 lines
792 B
Plaintext
14 lines
792 B
Plaintext
# security headers
|
|
|
|
# Consider configuring "helmet" option in config.js instead, if applicable.
|
|
# Said options will limit the header tags only to pages served by lolisafe service,
|
|
# and not the uploaded files that will instead be directly served by nginx.
|
|
|
|
#add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self'; media-src 'self'; connect-src 'self'; font-src 'self' data: https://fonts.gstatic.com; worker-src 'self' blob:";
|
|
add_header Permissions-Policy "accelerometer=(), autoplay=(self), camera=(self), fullscreen=(self), gyroscope=(), magnetometer=(), microphone=(self), midi=(), payment=(), picture-in-picture=(self), sync-xhr=(self), usb=(self)";
|
|
|
|
# . files
|
|
location ~ /\.(?!well-known) {
|
|
deny all;
|
|
}
|