Harden CSP and Referrer-Policy in HTML header

2022-03-09 11:35:48 +01:00 · 2022-03-09 11:35:48 +01:00 · 2447735aec
commit 2447735aec
parent f48f9b00e9
2 changed files with 2 additions and 1 deletions
--- a/docs/nginx_photos
+++ b/docs/nginx_photos
@ -38,7 +38,6 @@ server {
    client_max_body_size 2G;

    add_header "X-XSS-Protection" "1; mode=block";
-    add_header "Content-Security-Policy" "default-src 'self' 'unsafe-inline';";

    # Django statics and media
    # Do not directly serve media, it must be authorized