Content-Security-Policy For Element Web

https://github.com/vector-im/element-web#configuration-best-practices
This commit is contained in:
sakkiii 2021-06-18 23:27:23 +05:30 committed by GitHub
parent 3dd32d2512
commit 0217644b48
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -12,6 +12,7 @@
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "{{ matrix_nginx_proxy_xss_protection }}"; add_header X-XSS-Protection "{{ matrix_nginx_proxy_xss_protection }}";
add_header X-Frame-Options SAMEORIGIN; add_header X-Frame-Options SAMEORIGIN;
add_header Content-Security-Policy "frame-ancestors 'none'";
{% if matrix_nginx_proxy_floc_optout_enabled %} {% if matrix_nginx_proxy_floc_optout_enabled %}
add_header Permissions-Policy interest-cohort=() always; add_header Permissions-Policy interest-cohort=() always;